NSX-T Data Center Global Manager REST API
ALBEnforcementPointState (schema)
Enforcement point state for ALB
Valid ENUM values for ALBEnforcementPointState
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBEnforcementPointState | Enforcement point state for ALB Valid ENUM values for ALBEnforcementPointState |
string | Enum: ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API |
ALGTypeServiceEntry (schema)
An ServiceEntry that represents an ALG protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alg | The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead. |
string | Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_ports | The destination_port cannot be empty and must be a single value. | array of PortElement | Required Minimum items: 1 Maximum items: 1 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALGTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| source_ports | array of PortElement | Maximum items: 15 | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AbstractSpace (schema)
The space in which policy is being defined
Represents the space in which the policy is being defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connectivity_strategy | Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value AbstractSpace | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AcceptableComponentVersion (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| acceptable_versions | List of component versions | array of string | Required |
| component_type | Node type | string | Required Enum: HOST, EDGE, CCP, MP |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value AcceptableComponentVersion | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
AcceptableComponentVersionList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| results | Acceptable version whitelist for different components | array of AcceptableComponentVersion | Required |
Action (schema)
Reaction Action
Reaction Action is the action to take when the stipulated criteria specified
in the event exist over the source. Some example actions include:
- Notify Admin (or VMC's SRE) via email.
- Populate a specific label with the IPSec VPN Session.
- Remove the IPSec VPN Session from a specific label.
This is an abstract type. Concrete child types:
PatchResources
SetFields
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Reaction Action resource type. |
string | Required Enum: PatchResources, SetFields |
ActionRequest (schema)
Action request object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action to be performed Action required to be performed on intent |
string |
ActionableResource (schema)
Resources managed during restore process
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | A resource reference on which actions can be performed | string | Format: hostname-or-ip |
| ipv6_address | ipv6 address IPv6 address of the current node |
string | Format: hostname-or-ip |
| resource_type | Must be set to the value ActionableResource | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ActionableResourceListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| instruction_id | Id of the instruction set whose instructions are to be returned | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ActionableResourceListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of ActionableResource | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ActiveDirectoryIdentitySource (schema)
An Active Directory identity source service
An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alternative_domain_names | Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. |
array of string | |
| base_dn | DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. |
array of IdentitySourceLdapServer | Maximum items: 3 |
| resource_type | Must be set to the value ActiveDirectoryIdentitySource | string | Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ActiveStandbySyncStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of the status. | string | Required |
| full_sync_status | Status of full sync. | FullSyncStatus | Required |
| is_data_consistent | Indicates whether the data is consistent. Always returned as true when queried on an active Global Manager node. | boolean | Required |
| percentage_completed | Percentage estimate of synchronization progress. Ranges from 0 to 100. This value is only returned when queried on an active Global Manager node. | integer | |
| remaining_entries_to_send | Number of entries pending synchronization. This value is only returned when queried on an active Global Manager node. | integer | |
| standby_site | Name of standby site. | string | Required |
| status | Status of synchronization between active and standby Global Manager nodes. | string | Required Enum: UNAVAILABLE, ERROR, ONGOING, NOT_STARTED |
| sync_type | Type of synchronization currently in effect between active and standby Global Manager nodes. | string | Required Enum: UNAVAILABLE, DELTA_SYNC, FULL_SYNC |
AddClusterNodeVMInfo (schema)
Info for AddClusterNodeVM
Contains a list of cluster node VM deployment requests and optionally
a clustering configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| clustering_config | Configuration for auto-clustering of VMs post-deployment This property is deprecated since ClusteringConfig is no longer needed for auto-installation and will be ignored if provided. |
ClusteringConfig | Deprecated |
| deployment_requests | List of deployment requests Cluster node VM deployment requests to be deployed by the Manager. |
array of ClusterNodeVMDeploymentRequest | Required Minimum items: 1 |
AddressBindingEntry (schema) (Deprecated)
Combination of IP-MAC-VLAN binding
An address binding entry is a combination of the IP-MAC-VLAN binding for
a logical port. The address bindings can be obtained via various methods
like ARP snooping, DHCP snooping etc. or by user configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
| binding_timestamp | Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user |
EpochMsTimestamp | |
| source | Address binding source Source from which the address binding entry was obtained |
AddressBindingSource | Default: "UNKNOWN" |
AddressBindingSource (schema) (Deprecated)
Source from which the address binding is obtained
| Name | Description | Type | Notes |
|---|---|---|---|
| AddressBindingSource | Source from which the address binding is obtained | string | Deprecated Enum: INVALID, UNKNOWN, USER_DEFINED, ARP_SNOOPING, DHCP_SNOOPING, VM_TOOLS, ND_SNOOPING, DHCPV6_SNOOPING, VM_TOOLS_V6 |
AdvanceClusterRestoreInput (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| id | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided | string | Required Readonly |
| resources | List of resources for which the instruction is applicable. | array of SelectableResourceReference | Required |
AdvanceClusterRestoreRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| data | List of instructions and their associated data | array of AdvanceClusterRestoreInput | Required |
AdvertisedNetworkCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| network | Advertised Network Advertised network address. |
string | Required Readonly |
| rule_filter_type | Advertised rule filter type Advertised rule filter type |
string | Readonly |
| status | Advertisement status of network advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config |
string | Readonly |
AdvertisedNetworksListRequestParameters (schema)
Advertised networks list parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
AggregateDNSForwarderStatistics (schema)
Aggregate of DNS forwarder statistics
Aggregate of DNS forwarder statistics across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
| statistics_per_enforcement_point | List of DNS forwarder statistics per enforcement point List of DNS forwarder statistics per enforcement point. |
array of DNSForwarderStatisticsPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatistics |
Readonly |
AggregateDNSForwarderStatus (schema)
Aggregate of DNS forwarder status
Aggregate of DNS forwarder status across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
| status_per_enforcement_point | List of DNS forwarder status per enforcement point List of DNS forwarder status per enforcement point. |
array of DNSForwarderStatusPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatus |
Readonly |
AggregatePolicyDnsAnswer (schema)
Aggregate of DNS forwarder nslookup answer
Aggregate of DNS forwarder nslookup answer across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_answer_per_enforcement_point | List of DNS forwarder nslookup answer per enforcement point List of DNS forwarder nslookup answer per enforcement point. |
array of PolicyDnsAnswerPerEnforcementPoint | Readonly |
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
AggregatePolicyRuntimeInfo (schema)
Aggregate of PolicyRuntimeInfoPerEP
Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F. |
string | Required Readonly |
AggregatedDataCounter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
AggregatedDataCounterEx (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_firewall_packets | DfwDropCounters | Readonly | |
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
AggregatedLogicalRouterPortCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| rx | LogicalRouterPortCounters | Readonly | |
| tx | LogicalRouterPortCounters | Readonly |
AntreaContainerClusterNode (schema)
Antrea container cluster and its nodes requiring a support bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | The UUID of the container cluster | string | Required |
| nodes | List of at most 200 container node UUIDs requiring a support bundle | array of string | Minimum items: 1 |
AntreaSupportBundleContainerNode (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| clusters | List of AntreaContainerClusterNodes identifying container clusters and their nodes | array of AntreaContainerClusterNode | Minimum items: 1 |
| container_type | Must be set to the value AntreaSupportBundleContainerNode | string | Required Enum: ANTREA |
AntreaTraceflowConfig (schema)
Antrea traceflow configuration
The configuration for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| container_cluster_id | Container cluster ID Container cluster ID in inventory. This property is used to identify multiple clusters under single NSX-T. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_external_id | Destination external id Destination external id for Antrea traceflow. Must be ContainerApplicationInstance or ContainerApplication. Ignored if destination_ip provided in packet data. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_transient | Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true. |
boolean | Default: "True" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| packet | Packet configuration Configuration of packet data. |
AntreaTraceflowPacketData | |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value AntreaTraceflowConfig | string | |
| source_external_id | Source external id Source external id for Antrea traceflow. Must be ContainerApplicationInstance external_id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AntreaTraceflowIcmpEchoRequestHeader (schema)
IcmpEchoHeader for Antrea traceflow
IcmpEchoRequest header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| id | IcmpEchoRequest id Id of IcmpEchoRequest. |
integer | |
| sequence | Icmp sequence Sequence number of IcmpEchoRequest. |
integer |
AntreaTraceflowIpHeader (schema)
IpHeader for Antrea traceflow
Ip header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstIp | Destination ip Destination ip address in IpHeader. |
string | |
| flags | Flags Protocol setting in IpHeader. |
integer | |
| protocol | Protocol Protocol setting in IpHeader. |
integer | |
| srcIp | Source ip Source ip address in IpHeader. |
string | |
| ttl | Time to live TTL value in IpHeader. Default is 64. |
integer |
AntreaTraceflowIpv6Header (schema)
Ipv6Header for Antrea traceflow
Ipv6 header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstIp | Destination ip Destination ip address in Ipv6Header. |
string | |
| hopLimit | Hop limit Hop limit setting in Ipv6Header. |
integer | |
| nextHeader | Next header Next header setting in Ipv6Header. |
integer | |
| srcIp | Source ip Source ip address in Ipv6Header. |
string |
AntreaTraceflowPacketData (schema)
Packet data for Antrea traceflow
Packet data stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| frameSize | Packet frame size This property is used to set packet data size. |
integer | |
| ipHeader | Ipv4 header configuration This property is used to set ipv4 header data. |
AntreaTraceflowIpHeader | |
| ipv6Header | Ipv6 header configuration This property is used to set ipv6 header data. |
AntreaTraceflowIpv6Header | |
| payload | Packet payload This property is used to set payload data. |
string | |
| resourceType | Packet resource type This property is used to set resource type. |
string | Enum: FIELDS_PACKET_DATA, BINARY_PACKET_DATA |
| transportHeader | Transport header configuration This property is used to set transport header data. |
AntreaTraceflowTransportHeader | |
| transportType | Transport type This property is used to set transport type. |
string | Enum: UNICAST, MULTICAST, BROADCAST, UNKNOWN |
AntreaTraceflowTcpHeader (schema)
TcpHeader for Antrea traceflow
Tcp header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstPort | Destination port Destination port number in TcpHeader. |
integer | |
| srcPort | Source port Source port number in TcpHeader. |
integer | |
| tcpFlags | Tcp flags Tcp flags in TcpHeader. SYN flag must be set for traceflow. |
integer |
AntreaTraceflowTransportHeader (schema)
TransportHeader for Antrea traceflow
Transport header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| icmpEchoRequestHeader | IcmpEchoRequestHeader for Antrea traceflow IcmpEchoRequest header stuffs for Antrea traceflow. |
AntreaTraceflowIcmpEchoRequestHeader | |
| tcpHeader | TcpHeader for Antrea traceflow Tcp header stuffs for Antrea traceflow. |
AntreaTraceflowTcpHeader | |
| udpHeader | UdpHeader for Antrea traceflow Udp header stuffs for Antrea traceflow. |
AntreaTraceflowUdpHeader |
AntreaTraceflowUdpHeader (schema)
UdpHeader for Antrea traceflow
Udp header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstPort | Destination port Destination port number in UdpHeader. |
integer | |
| srcPort | Source port Source port number in UdpHeader. |
integer |
AphInfo (schema)
Apliance proxy hub information
APH information.
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP address of APH service | string | Required |
| certificate | PEM Certificate of APH service | string | Required |
| fqdn | FQDN, only returned by GET /sites and GET /sites/self | string | |
| node_id | Node ID of the APH service | string | Required |
| port | Port of APH service | integer | Required |
| use_fqdn | whether or not fqdn flag is on | boolean | |
| uuid | ID of the APH service | string | Required |
ApiError (schema)
Detailed information about an API Error
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Further details about the error | string | |
| error_code | A numeric error code | integer | |
| error_data | Additional data about the error | object | |
| error_message | A description of the error | string | |
| module_name | The module name where the error occurred | string | |
| related_errors | Other errors related to this error | array of RelatedApiError |
ApiRequestBody (schema)
API Request Body
API Request Body is an Event Source that represents an API request body that
is being reveived as part of an API. Supported Request Bodies are those received
as part of a PATCH/PUT/POST request.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_pointer | Resource Pointer Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. |
string | Required |
| resource_type | Must be set to the value ApiRequestBody | string | Required Enum: ResourceOperation, ApiRequestBody |
ApiServiceConfig (schema)
Configuration of the API service
Properties that affect the configuration of the NSX API service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| basic_authentication_enabled | Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls. |
boolean | Default: "True" |
| cipher_suites | Cipher suites used to secure contents of connection The TLS cipher suites that the API service will negotiate. |
array of CipherSuite | Minimum items: 1 |
| client_api_concurrency_limit | Client API rate limit in calls The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Minimum: 0 Default: "40" |
| client_api_rate_limit | Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0. |
integer | Minimum: 0 Default: "100" |
| connection_timeout | NSX connection timeout NSX connection timeout, in seconds. To disable timeout, set to 0. |
integer | Minimum: 0 Maximum: 2147483647 Default: "30" |
| cookie_based_authentication_enabled | Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create. |
boolean | Default: "True" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| global_api_concurrency_limit | Global API rate limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Minimum: 0 Default: "199" |
| id | Unique identifier of this resource | string | Sortable |
| lockout_immune_addresses | IP addresses which are not subject to lockout on failed login attempts The list of IP addresses which are not subjected to a lockout on failed login attempts. |
array of IPAddress | |
| protocol_versions | TLS protocol versions The TLS protocol versions that the API service will negotiate. |
array of ProtocolVersion | Minimum items: 1 |
| redirect_host | Hostname/IP to use in redirect headers Host name or IP address to use for redirect location headers, or empty string to derive from current request. To disable, set redirect_host to the empty string (""). |
HostnameOrIPv4AddressOrEmptyString | Default: "" |
| resource_type | Must be set to the value ApiServiceConfig | string | |
| session_timeout | NSX session inactivity timeout | integer | Minimum: 0 Maximum: 2147483647 Default: "1800" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ApplianceManagementSuppressRedirectQueryParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| suppress_redirect | Suppress redirect status if applicable Do not return a redirect HTTP status. |
boolean | Default: "False" |
ApplianceManagementTaskListResult (schema)
Appliance management task query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Task property results | array of ApplianceManagementTaskProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ApplianceManagementTaskProperties (schema)
Appliance management task properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| details | Details about the task if known | object | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| id | Identifier for this task | string | Readonly Pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | ApplianceManagementTaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
ApplianceManagementTaskQueryParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| fields | Fields to include in query results Comma-separated field names to include in query result |
string | |
| request_method | Request method(s) to include in query result Comma-separated request methods to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| request_path | Request URI path(s) to include in query result Comma-separated request paths to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| request_uri | Request URI(s) to include in query result Comma-separated request URIs to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| status | Status(es) to include in query result Comma-separated status values to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| user | Names of users to include in query result Comma-separated user names to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
ApplianceManagementTaskStatus (schema)
Current status of the appliance management task
| Name | Description | Type | Notes |
|---|---|---|---|
| ApplianceManagementTaskStatus | Current status of the appliance management task | string | Enum: running, error, success, canceling, canceled, killed |
ApplicationConnectivityStrategy (schema)
Application specific connectivity strategy
Allows more granular policies for application workloads
| Name | Description | Type | Notes |
|---|---|---|---|
| application_connectivity_strategy | Application connectivity strategy App connectivity strategies |
string | Required Enum: ALLOW_INTRA, ALLOW_EGRESS, ALLOW_INGRESS, DROP_INGRESS, DROP_EGRESS |
| default_application_rule_id | Default rule ID associated with the application_connectivity_strategy Based on the value of the app connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. |
integer | Readonly |
| logging_enabled | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
ApplyCertificateParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_id | Node Id Optional node-id to which to apply the certificate. The cluster_certificate field of the matching Certificate Profile must be false, as those get applied to all nodes. |
string | Maximum length: 255 |
| service_type | Service Type Service Type of the CertificateProfile to apply the certificate to. |
ServiceType | Required |
ArpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address | IPv4Address | Required |
| op_code | Arp message type This field specifies the nature of the Arp message being sent. |
string | Required Enum: ARP_REQUEST, ARP_REPLY Default: "ARP_REQUEST" |
| src_ip | The source IP address This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0. |
IPv4Address |
ArpSnoopingConfig (schema)
ARP Snooping Configuration
Contains ARP snooping related configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_binding_limit | Maximum number of ARP bindings Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. |
int | Minimum: 1 Maximum: 256 Default: "1" |
| arp_snooping_enabled | Is ARP snooping enabled or not Indicates whether ARP snooping is enabled |
boolean | Default: "True" |
ArpTableRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| host_transport_node_path | Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
AttachedInterfaceEntry (schema)
Attached interface information for Bare metal server
The Attached interface is only effective for the segment port on Bare metal server.
| Name | Description | Type | Notes |
|---|---|---|---|
| app_intf_name | The name of application interface | string | Required |
| default_gateway | Gateway IP | IPAddress | |
| migrate_intf | Interface name to migrate IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP. |
string | |
| routing_table | Routing rules | array of string |
Attribute (schema)
Attributes
Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance.
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_type | Attributetype. Attribute Type can be of any of the allowed enum type. |
string | Enum: IP_ADDRESS, PORT, PASSWORD, STRING, LONG, BOOLEAN |
| display_name | Display name Attribute display name string value. |
string | |
| key | key Attribute key string value. |
string | Required |
| read_only | read only Read only Attribute cannot be overdidden by service instance/deployment. |
boolean | Default: "False" |
| value | value Attribute value string value. |
string |
AttributeVal (schema)
Attribute values of realized type
Contains type specific properties of generic realized entity
| Name | Description | Type | Notes |
|---|---|---|---|
| data_type | Datatype of property represented by this attribute Datatype of the property |
string | Required Readonly Enum: STRING, DATE, INTEGER, BOOLEAN |
| key | Key for the attribute value Attribute key |
string | |
| multivalue | multivalue flag If attribute has a single value or collection of values |
boolean | Readonly |
| values | List of values for the attribute List of attribute values |
array of string | Readonly |
AuthServiceProperties (schema)
Auth Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| logging_level | Service logging level | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO" |
AuthenticationPolicyProperties (schema)
Configuration of authentication and password policies for the NSX node
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| api_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
| api_failed_auth_reset_period | Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
| api_max_auth_failures | Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "5" |
| cli_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
integer | Minimum: 0 Maximum: 604800 Default: "900" |
| cli_max_auth_failures | Number of authentication failures that trigger CLI lockout | integer | Minimum: 0 Maximum: 10 Default: "5" |
| digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
| lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
| minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
| minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
| special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
AuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| scheme_name | Authentication scheme name | string | Required |
AutoRds (schema)
Auto assigned Route Distinguishers
This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations.
| Name | Description | Type | Notes |
|---|---|---|---|
| l2_auto_rds | List of layer 2 Auto assigned Route Distinguisher | array of L2AutoRD | |
| l3_auto_rd | Layer 3 Auto assigned Route Distinguisher This field is auto assigned by the system. The auto RD seed is populated when user does not assign a route_distinguisher field in the gateway. |
string |
AviConnectionInfo (schema)
Avi Connection Info
Credential info to connect to a AVI type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate | Certificate used when on-borading workflow created by LCM/VCF. Certificate used when on-borading workflow created by LCM/VCF. |
string | |
| cloud | Cloud Clouds are containers for the environment that Avi Vantage is installed or operating within. During initial setup of Vantage, a default cloud, named Default-Cloud, is created. This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added, containing SEs and virtual services. This is a deprecated property. Cloud has been renamed to cloud_name and it will added from specific ALB entity. |
string | Deprecated |
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| expires_at | Expiry time of the token Expiry time of the token will be set by LCM at the time of Enforcement Point Creation. |
string | |
| is_default_cert | Advanced Load Balancer controller using default portal certificate. Advanced Load Balancer controller using default portal certificate. |
boolean | |
| managed_by | Managed by used when on-borading workflow created by LCM/VCF. Managed by used when on-borading workflow created by LCM/VCF. |
string | |
| password | Password or Token for Avi Controller Password or Token for Avi Controller. |
secure_string | Required |
| resource_type | Must be set to the value AviConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| status | Enforcement point state for ALB This is connection property which checks whether ALB is connected to the controller. Enum options - ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API. Default value is DEACTIVATE_API. |
ALBEnforcementPointState | Required Default: "DEACTIVATE_API" |
| tenant | Tenant A tenant is an isolated instance of Avi Controller. Each Avi user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi restricts their access to only those resources that are in the same tenant |
string | Required |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| username | Username Username. |
secure_string | Required |
| version | Version Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one. Such scripts need not be updated to keep up with object model changes This is a deprecated property. The version is now auto populated from property file and its value can be read using APIs |
string | Deprecated |
Axes (schema)
Axes of a graph
Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs.
| Name | Description | Type | Notes |
|---|---|---|---|
| x_label | Label for X axis of a graph | Label | |
| x_labels | A list of X-Axis Labels with condition support. A list of X-Axis Labels with condition support. If needed, this property can be used to provide a list of x-axis label with condition support. For a label with single condition,'x-label' property can be used. |
array of Label | Minimum items: 0 |
| y_axis_unit_labels | A list of Y-Axis unit Labels with condition support. A list of Y-Axis unit Labels with condition support. If needed, this property can be used to provide a list of y-axis unit label with condition support. This unit label can be used to display the point value along with units like percentage, milliseconds etc. |
array of Label | Minimum items: 0 |
| y_axis_units | A list of Y-Axis unit with condition support. A list of Y-Axis unit with condition support. If needed, this property can be used to provide a list of y-axis unit with condition support. This unit could be like percentage, seconds, milliseconds etc. |
array of AxisUnit | Minimum items: 0 |
| y_label | Label for Y axis of a graph | Label | |
| y_labels | A list of Y-Axis Labels with condition support. A list of Y-Axis Labels with condition support. If needed, this property can be used to provide a list of y-axis label with condition support. For a label with single condition,'y-label' property can be used. |
array of Label | Minimum items: 0 |
AxisUnit (schema)
Axis unit of a graph
Represents X and Y axis unit of a graph.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the above unit will be displayed. to UI. If no condition is provided, then the unit will be displayed unconditionally. |
string | Maximum length: 1024 |
| unit | An Axis unit. An Axis unit. |
string | Enum: COUNT, PERCENT, BYTES, MILLISECONDS, SECONDS, MINUTE, HOUR, DAY, KILO_BYTES, MEGA_BYTES, GIGA_BYTES |
BMSGroupAssociationRequestParams (schema)
List request parameters containing Physical server external ID and enforcement point path
List request parameters containing Physical server external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| physical_server_external_id | Physical external ID | string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BackupConfiguration (schema)
Configuration for taking manual/automated backup
| Name | Description | Type | Notes |
|---|---|---|---|
| after_inventory_update_interval | A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. | integer | Minimum: 300 Maximum: 86400 |
| backup_enabled | true if automated backup is enabled | boolean | Default: "False" |
| backup_schedule | Set when backups should be taken - on a weekly schedule or at regular intervals. | BackupSchedule (Abstract type: pass one of the following concrete types) IntervalBackupSchedule WeeklyBackupSchedule |
|
| inventory_summary_interval | The minimum number of seconds between each upload of the inventory summary to backup server. | integer | Minimum: 30 Maximum: 3600 Default: "240" |
| passphrase | Passphrase used to encrypt backup files. Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character). |
secure_string | |
| remote_file_server | The server to which backups will be sent. | RemoteFileServer |
BackupFrameRequestParameters (schema)
Backup Frame Request Parameters
Parameters (site_id, etc), that describes a backup/restore frame
| Name | Description | Type | Notes |
|---|---|---|---|
| frame_type | Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site. |
string | Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER" |
| site_id | Site ID Site ID of LM site, which will be supported in a frame |
string | Default: "localhost" |
BackupOperationHistory (schema)
Past backup operation details
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_backup_statuses | Statuses of previous cluster backups | array of BackupOperationStatus | |
| inventory_backup_statuses | Statuses of previous inventory backups | array of BackupOperationStatus | |
| node_backup_statuses | Statuses of previous node backups | array of BackupOperationStatus | |
| overall_backup_status | Overall status of last backup This attribute is used to indicate the overall backup status |
string | Enum: NOT_AVAILABLE, IN_PROGRESS, SUCCESS, FAILED |
BackupOperationStatus (schema)
Backup operation status
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_id | Unique identifier of a backup | string | Required |
| end_time | Time when operation was ended | EpochMsTimestamp | |
| error_code | Error code | string | Enum: BACKUP_NOT_RUN_ON_MASTER, BACKUP_SERVER_UNREACHABLE, BACKUP_AUTHENTICATION_FAILURE, BACKUP_PERMISSION_ERROR, BACKUP_TIMEOUT, BACKUP_BAD_FINGERPRINT, BACKUP_GENERIC_ERROR, UPGRADE_IN_PROGRESS |
| error_message | Error code details | string | |
| start_time | Time when operation was started | EpochMsTimestamp | |
| success | True if backup is successfully completed, else false | boolean | Required |
BackupOverview (schema)
Backup overview
Data for a single backup/restore card
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| backup_config | Backup configuration Configuration to generate a manual/automated backup |
BackupConfiguration | Required |
| backup_operation_history | Last backup status Status of the last backup execution per component |
BackupOperationHistory | Required |
| current_backup_operation_status | Current backup status Backup status decribes type, phase, success/failure and time of a | latest backup execution |
CurrentBackupOperationStatus | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| restore_status | Current restore status Status of restore process executing/executed on appliance |
ClusterRestoreStatus | Required |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of timestamps of backed-up cluster files | array of ClusterBackupInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BackupOverviewRequestParameters (schema)
Backup overview request parameters
Parameters, that REST API client needs to provide, in order to get data for
a backup/restore card with or without a list of generated backups.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| frame_type | Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site. |
string | Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| show_backups_list | Need a list of backups True to request a list of backups |
boolean | Default: "True" |
| site_id | UUID of the site UUID of LM site, which will be supported in a frame |
string | Default: "localhost" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BackupSchedule (schema)
Abstract base type for Weekly or Interval Backup Schedule
This is an abstract type. Concrete child types:
IntervalBackupSchedule
WeeklyBackupSchedule
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Schedule type | string | Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule |
BackupUiFramesInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_gm | Does site have active GM | string | Readonly Enum: ACTIVE, STANDBY, NONE, INVALID |
| api_endpoint | prefix to be used for api call | string | Required Readonly Enum: global-manager, nsxapi, ica |
| frame_type | Type of service, for which backup is handled | string | Required Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE |
| site_id | Id of the site | string | Required Readonly |
| site_version | Version of the site | string | Required Readonly |
BackupUiFramesInfoList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_frames_list | List of backup frames(and metadata) to be displayed in UI | array of BackupUiFramesInfo | Required Readonly |
BaseCompatibilityCheckResult (schema)
Precheck result for onboaring standby Global Manager or remote Site to
federation
description: |
Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_nsx_version | Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running. |
string | Readonly |
| nsx_version | Remote Site NSX version Remote Site NSX version. |
string | Readonly |
| rtt | Round trip time to the remote Site or Global Manager from active
Global Manager
Round trip time to the remote Site or Global Manager from active Global Manager. |
integer | Readonly |
| rtt_exceeded | Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit. |
boolean | Readonly |
| version_compatible | Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager. |
boolean | Readonly |
BaseConsolidatedStatusPerEnforcementPoint (schema)
Base class for ConsolidatedStatusPerEnforcementPoint
Consolidated Realized Status Per Enforcement Point.
This is an abstract type. Concrete child types:
ConsolidatedStatusNsxT
ConsolidatedStatusPerEnforcementPoint
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | string | Required | |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
BaseEdgeStatisticsRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| host_transport_node_path | Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BaseEndpoint (schema)
An endpoint to be used in redirection rule
Represents an endpoint which will be used as subject in rule.
It is a polymorphic type object which can be either of the types -
1. Virtual
2. Logical
We have 2 separate objects representing these 2 types.
VirtualEndPoint for Virtual type and ServiceInstanceEndpoint
for Logical.
This is an abstract type. Concrete child types:
ServiceInstanceEndpoint
VirtualEndpoint
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseEndpoint | string | Required Enum: VirtualEndpoint, ServiceInstanceEndpoint |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_ips | IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected. |
array of IPInfo | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseInterfaceGroup (schema)
Base gateway Interface group
Tier0/Tier1 Interface group for interface grouping.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location. |
array of GatewayInterfaceReference | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseInterfaceGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseListRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BasePolicyServiceInstance (schema)
Represents an instance of partner Service and its configuration
Represents an instance of partner Service and its configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| deployment_mode | Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. |
string | Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service in the Marketplace |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BasePolicyServiceInstance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_type | Transport Type Transport to be used while deploying Service-VM. |
string | Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseRule (schema)
A rule represent base properties for ,dfw, forwarding, redirection rule
A rule indicates the action to be performed for various types of traffic flowing between workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseRuleListResult (schema)
Paged Collection of Rules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BaseTier0Interface (schema)
Tier-0 interface configuration
Tier-0 interface configuration for external connectivity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_relay_path | policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseTier0Interface | string | |
| subnets | IP address and subnet specification for interface Specify IP address and network prefix for interface. |
array of InterfaceSubnet | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BasicAuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| password | Password to authenticate with | string | Required |
| scheme_name | Authentication scheme name | string | Required Enum: basic |
| username | User name to authenticate with | string | Required Pattern: "^.+$" |
BatchParameter (schema)
Options that affect how batch operations are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| atomic | Ignored (transactional atomicity flag) This flag is ignored. Transactional atomicity is no longer supported. |
boolean | Default: "False" |
BatchRequest (schema)
A set of operations to be performed in a single batch
| Name | Description | Type | Notes |
|---|---|---|---|
| continue_on_error | Continue even if an error is encountered. | boolean | Default: "True" |
| requests | array of BatchRequestItem |
BatchRequestItem (schema)
A single request within a batch of operations
| Name | Description | Type | Notes |
|---|---|---|---|
| body | object | ||
| method | method type(POST/PUT/DELETE/UPDATE) http method type |
string | Required Enum: GET, POST, PUT, DELETE, PATCH |
| uri | Internal uri of the call relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters |
string | Required |
BatchResponse (schema)
The reponse to a batch operation
| Name | Description | Type | Notes |
|---|---|---|---|
| has_errors | errors indicator Indicates if any of the APIs failed |
boolean | |
| results | Bulk list results | array of BatchResponseItem | Required |
| rolled_back | indicates if all items were rolled back. Optional flag indicating that all items were rolled back even if succeeded initially |
boolean |
BatchResponseItem (schema)
A single respose in a list of batched responses
| Name | Description | Type | Notes |
|---|---|---|---|
| body | object returned by api object returned by api |
object | |
| code | object returned by api http status code |
integer | Required |
| headers | object returned by api The headers returned by the API call |
object |
BfdHealthMonitoringConfig (schema)
Bfd Health Monitoring Options
Bfd Health Monitoring Options used specific to BFD Transport Zone profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Whether the heartbeat is enabled. A PATCH or PUT request with "enabled" false (with no probe intervals) will set or reset the probe_interval to their default value. | boolean | Required |
| latency_enabled | Whether the latency is enabled. The flag is to turn on/off latency. A PATCH or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI. |
boolean | |
| probe_interval | The time interval (in millisec) between probe packets for tunnels between transport nodes. | integer | Minimum: 300 Default: "1000" |
BfdProfile (schema)
Bidirectional Forwarding Detection configuration for BGP peers
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| interval | Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds. |
int | Minimum: 50 Maximum: 60000 Default: "500" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| multiple | Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. |
int | Minimum: 2 Maximum: 16 Default: "3" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BfdProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BfdProfileListResult (schema)
Paged Collection of BfdProfile
Paged Collection of BfdProfile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Bfd Profile List Results Bfd Profile list results. |
array of BfdProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpAddressFamily (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| in_prefix_count | Count of in prefixes Count of in prefixes |
integer | Readonly |
| out_prefix_count | Count of out prefixes Count of out prefixes |
integer | Readonly |
| type | BGP address family type BGP address family type |
string | Required Readonly Enum: IPV4_UNICAST, VPNV4_UNICAST, IPV6_UNICAST, L2VPN_EVPN |
BgpBfdConfig (schema)
BFD configuration for BGP peers
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Flag to enable BFD cofiguration Flag to enable BFD cofiguration. |
boolean | Default: "False" |
| interval | Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds. |
int | Minimum: 50 Maximum: 60000 Default: "500" |
| multiple | Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. |
int | Minimum: 2 Maximum: 16 Default: "3" |
BgpGracefulRestartConfig (schema)
BGP Graceful Restart Configuration
Configuration field to hold BGP restart mode and timer.
| Name | Description | Type | Notes |
|---|---|---|---|
| mode | BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. |
string | Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY Default: "HELPER_ONLY" |
| timer | BGP Graceful Restart Timer Configuration field to hold BGP restart timers. |
BgpGracefulRestartTimer |
BgpGracefulRestartTimer (schema)
BGP Graceful Restart Timers
Configuration field to hold BGP restart timers
| Name | Description | Type | Notes |
|---|---|---|---|
| restart_timer | BGP Graceful Restart Timer Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer. |
integer | Minimum: 1 Maximum: 3600 Default: "180" |
| stale_route_timer | BGP Stale Route Timer Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts. |
integer | Minimum: 1 Maximum: 3600 Default: "600" |
BgpNeighborConfig (schema)
BGP neighbor config
Contains information necessary to configure a BGP neighbor.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_as_in | Flag to enable allowas_in option for BGP neighbor | boolean | Default: "False" |
| bfd | BFD configuration for failure detection BFD configuration for failure detection. BFD is enabled with default values when not configured. |
BgpBfdConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to enable/disable BGP peering. Flag to enable/disable BGP peering. Disabling will stop the BGP peering. True - indicates enable BGP peering, False - indicates disable BGP peering. Default is True. |
boolean | Default: "True" |
| graceful_restart_mode | BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. |
string | Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY |
| hold_down_time | Wait time in seconds before declaring peer dead Wait time in seconds before declaring peer dead. |
int | Minimum: 1 Maximum: 65535 Default: "180" |
| id | Unique identifier of this resource | string | Sortable |
| in_route_filters | Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. |
array of string | Deprecated Maximum items: 1 |
| keep_alive_time | Interval between keep alive messages sent to peer Interval (in seconds) between keep alive messages sent to peer. |
int | Minimum: 1 Maximum: 65535 Default: "60" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| maximum_hop_limit | Maximum number of hops allowed to reach BGP neighbor Maximum number of hops allowed to reach BGP neighbor. |
int | Minimum: 1 Maximum: 255 Default: "1" |
| neighbor_address | Neighbor IP Address | IPAddress | Required |
| neighbor_local_as_config | Local as configuration for BGP Neighbor Configuration field to hold the Local AS config for BGP Neighbor |
BgpNeighborLocalAsConfig | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| out_route_filters | Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. |
array of string | Deprecated Maximum items: 1 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | Password Specify password for BGP neighbor authentication. Empty string ("") clears existing password. |
secure_string | Minimum length: 0 Maximum length: 32 |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_as_num | 4 Byte ASN of the neighbor in ASPLAIN Format | string | Required |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BgpNeighborConfig | string | |
| route_filtering | Enable address families and route filtering in each direction Enable address families and route filtering in each direction. |
array of BgpRouteFiltering | Maximum items: 2 |
| source_addresses | Source IP Addresses for BGP peering Source addresses should belong to Tier0 external or loopback or VTI interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1. |
array of IPAddress | Maximum items: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BgpNeighborConfigListRequestParameters (schema)
Routing Config list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BgpNeighborConfigListResult (schema)
Paged collection of BGP Neighbor Configs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | BGP neighbor configs list results | array of BgpNeighborConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpNeighborLocalAsConfig (schema)
BGP neighbor local-as configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path_modifier_type | AS_PATH modifier type for BGP local AS Optional parameter. If this property is not set, by default BGP prepends neighbor's local_as_num value to the AS_PATH for BOTH outgoing and incoming route advertisements from the peer neighbor. By setting one of the following value, user can modify the default prepend action on the AS_PATH in both inbound and outbound direction. NO_PREPEND: If type is NO_PREPEND, then the local router will NOT prepend the incoming advertisement from that peer with neighbor's local_as_num, so the AS path advertised will now prepend only the BGP local-as of the router. NO_PREPEND_REPLACE_AS - If type is "NO_PREPEND_REPLACE_AS", then the local routes will be advertised with the neighbor's local-as instead of the BGP's local-as to peer router. |
string | Enum: NO_PREPEND, NO_PREPEND_REPLACE_AS |
| local_as_num | BGP neighbor local-as number in ASPLAIN/ASDOT Format Specify local-as number for Tier-0 to advertize to BGP peer. This overrides local_as_num configured in the BgpRoutingConfig object. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. It is supported for BgpNeighborConfig under both default tier0 and vrf tier0. When this capability is configured, it enables the BGP to prepend "local_as_num" value to the beginning of AS_PATH for BOTH outgoing and incoming route advertisements from the configured neighbor. After prepend, AS_PATH contains both "neighbor's |
string | Required |
BgpNeighborRouteDetailsCsvRecord (schema)
BGP neighbor route details
BGP neighbor learned/advertised route details.
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path | AS path BGP AS path attribute. |
string | Readonly |
| local_pref | Local preference BGP Local Preference attribute. |
integer | Readonly |
| logical_router_id | Logical router id Logical router id |
string | Required Readonly |
| med | Multi Exit Discriminator BGP Multi Exit Discriminator attribute. |
integer | Readonly |
| neighbor_address | Neighbor IP address BGP neighbor peer IP address. |
IPAddress | Required Readonly |
| neighbor_id | BGP neighbor id BGP neighbor id |
string | Required Readonly |
| network | CIDR network address CIDR network address. |
IPCIDRBlock | Required Readonly |
| next_hop | Next hop IP address Next hop IP address. |
IPAddress | Readonly |
| source_address | BGP neighbor source address BGP neighbor source address. |
IPAddress | Readonly |
| transport_node_id | Transport node id Transport node id |
string | Required Readonly |
| weight | Weight BGP Weight attribute. |
integer | Readonly |
BgpNeighborRouteDetailsInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| results | array of BgpNeighborRouteDetailsCsvRecord |
BgpNeighborRoutes (schema)
BGP neighbor route details
BGP neighbor learned/advertised route details.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_node_routes | Route details per transport node Array of BGP neighbor route details per edge node. |
array of RoutesPerTransportNode | Readonly |
| egde_node_routes | Route details per transport node Array of BGP neighbor route details per edge node. |
array of RoutesPerTransportNode | Deprecated Readonly |
| enforcement_point_path | Enforcement point policy path | string | Required Readonly |
| neighbor_path | BGP neighbor policy path | string | Required Readonly |
BgpNeighborRoutesListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Bgp neighbor routes Paged Collection of Bgp neighbor routes. |
array of BgpNeighborRoutes | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpRouteFiltering (schema)
Enable address_families and route filtering in each direction
| Name | Description | Type | Notes |
|---|---|---|---|
| address_family | Address family type Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration. |
string | Enum: IPV4, IPV6, L2VPN_EVPN |
| enabled | Enable address family Flag to enable address family. |
boolean | Default: "True" |
| in_route_filters | Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction. |
array of string | Maximum items: 1 |
| maximum_routes | Maximum number of routes for the address family Maximum number of routes for the address family. |
int | Minimum: 1 Maximum: 1000000 |
| out_route_filters | Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. |
array of string | Maximum items: 1 |
BgpRouteLeaking (schema)
BGP route leaking in each direction
| Name | Description | Type | Notes |
|---|---|---|---|
| address_family | Address family type Address family type. Assumed IPv4 address family when not specified. |
string | Enum: IPV4, IPV6 |
| in_filter | route map path for IN direction Specify path of route map to filter routes for IN direction. If not specified then all exported routes from peer attachment will be imported. |
array of string | Maximum items: 1 |
| out_filter | route map path for OUT direction Specify path of route map to filter routes for OUT direction. If not specified then all redistribute routes will be exported. |
array of string | Maximum items: 1 |
BgpRoutesRequestParameters (schema)
BGP Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| count | Number of routes to retrieve Number of routes to return in response. Not used when routes are requested in CSV format. |
int | Minimum: 1 Default: "1000" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BgpRoutingConfig (schema)
BGP routing config
Contains BGP routing configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBgpNeighborConfig |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ebgp_admin_distance | eBGP route administrative distance Administrative distance for IPv4 and IPv6 eBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled. |
int | Minimum: 1 Maximum: 255 Default: "20" |
| ecmp | Flag to enable ECMP Flag to enable ECMP. |
boolean | |
| enabled | Flag to enable BGP configuration Flag to enable BGP configuration. Disabling will stop feature and BGP peering. |
boolean | |
| graceful_restart | Flag to enable graceful restart Flag to enable graceful restart. This field is deprecated, please use graceful_restart_config parameter for graceful restart configuration. If both parameters are set and consistent with each other (i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is allowed, but if inconsistent with each other then this is not allowed and validation error will be thrown. |
boolean | Deprecated |
| graceful_restart_config | BGP Graceful Restart Configuration Configuration field to hold BGP Restart mode and timer. |
BgpGracefulRestartConfig | |
| ibgp_admin_distance | iBGP route administrative distance Administrative distance for IPv4 and IPv6 iBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled. |
int | Minimum: 1 Maximum: 255 Default: "200" |
| id | Unique identifier of this resource | string | Sortable |
| inter_sr_ibgp | Enable inter SR IBGP configuration Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode. |
boolean | |
| local_as_num | BGP AS number in ASPLAIN/ASDOT Format Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| multipath_relax | Flag to enable BGP multipath relax option Flag to enable BGP multipath relax option. |
boolean | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BgpRoutingConfig | string | |
| route_aggregations | List of routes to be aggregated List of routes to be aggregated. |
array of RouteAggregationEntry | Maximum items: 1000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BinaryPacketData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| frame_size | Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. |
integer | Minimum: 60 Maximum: 1000 Default: "128" |
| payload | RFC3548 compatible base64 encoded full payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers. |
string | Maximum length: 1336 |
| resource_type | Must be set to the value BinaryPacketData | string | Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData" |
| routed | Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. |
boolean | |
| transport_type | Transport type of the traceflow packet This type takes effect only for IP packet. |
string | Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST" |
BridgeEndpointStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| endpoint_id | The id of the bridge endpoint | string | Required Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
BridgeEndpointStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_nodes | The Ids of the transport nodes which actively serve the endpoint. | array of string | Readonly |
| endpoint_id | The id of the bridge endpoint | string | Required Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
BridgeProfileConfig (schema)
Bridge Profile Configuration
configuration parameters for Bridge Profile
| Name | Description | Type | Notes |
|---|---|---|---|
| bridge_profile_path | Policy path to L2 Bridge profile Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique. |
string | Required |
| uplink_teaming_policy_name | Uplink Teaming Policy Name The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one fot he switching uplink teaming policy names listed in teh transport zone. When this property is not specified, the teaming policy is assigned by MP. |
string | |
| vlan_ids | VLAN IDs VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both. |
array of string | |
| vlan_transport_zone_path | Policy path to VLAN Transport Zone VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment. |
string | Required |
BridgeProfileRequestParameters (schema)
Bridge profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| bridge_profile_path | Bridge profile path Policy path of Bridge profile using which a bridge end point was created. |
string | Required |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string |
ByodPolicyServiceInstance (schema)
Represents instance of self wiring partner's service
Represents an instance of partner's service whose wiring will be done by partner itself.
As partner does all the wiring, we call it as Byod - Bring your own device.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| deployment_mode | Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. |
string | Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service in the Marketplace |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ByodPolicyServiceInstance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_type | Transport Type Transport to be used while deploying Service-VM. |
string | Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CCPUpgradeStatus (schema)
Status of CCP upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
CNSGroupAssociationRequestParams (schema)
List request parameters containing Cloud Native Service external ID and enforcement point path
List request parameters containing Cloud Native service external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cns_external_id | Cloud Native Service external ID | string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
CaBundle (schema)
CA certificates bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificates | X509Certificates in the bundle | array of X509Certificate | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| earliest_not_after | The earliest time in epoch milliseconds at which a certificate becomes invalid. | EpochMsTimestamp | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| not_after_list | Times for each certificate in the bundle at which the certificate becomes invalid. | array of EpochMsTimestamp | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | PEM-encoded CA bundle certificates. | string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CaBundle | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CaBundleListResult (schema)
CA Bundle query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CA bundles list. | array of CaBundle | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CdpStatusType (schema)
Status types supported of the CrlDistributionPoint
| Name | Description | Type | Notes |
|---|---|---|---|
| CdpStatusType | Status types supported of the CrlDistributionPoint | string | Enum: NOT_READY, FETCHING, READY, ERROR |
CentralConfigProperties (schema)
Central Config properties
| Name | Description | Type | Notes |
|---|---|---|---|
| local_override | Override Central Config | boolean | Required |
Certificate (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | List of X509Certificates. | array of X509Certificate | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| has_private_key | Whether we have the private key for this certificate. | boolean | Required Readonly Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| leaf_certificate_sha_256_thumbprint | Certificate thumbprint Unique SHA-256 thumbprint of the leaf node certificate. |
string | Readonly |
| pem_encoded | PEM encoded certificate data. | string | Required |
| purpose | Purpose of this certificate. Can be empty or set to "signing-ca". | string | Enum: signing-ca |
| resource_type | Must be set to the value Certificate | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| used_by | List of node IDs with services, that are using this certificate. | array of NodeIdServicesMap | Readonly |
CertificateCheckingStatus (schema)
Result of checking a certificate
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Error Message Error message when checking the certificate. |
string | Readonly |
| status | Status Status of the checked certificate. |
CertificateCheckingStatusType | Required Readonly |
CertificateCheckingStatusType (schema)
Status types returned when checking a certificate
| Name | Description | Type | Notes |
|---|---|---|---|
| CertificateCheckingStatusType | Status types returned when checking a certificate | string | Enum: OK, CRL_NOT_READY, REJECTED, ERROR |
CertificateId (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_id | Certificate ID | string | Required Readonly |
CertificateList (schema)
Certificate queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Certificate list. | array of Certificate | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CertificateProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cluster_certificate | Cluster Certificate True if this is for a cluster certificate |
boolean | Required Readonly |
| extended_key_usage | Extended Key Usage Indicating whether this certificate is used for server-auth, client-auth or both. |
array of CertificateUsageType | Required Readonly |
| node_type | Node Type List of types of node this certificate applies to. |
array of NodeType | Required Readonly |
| profile_name | Certificate Profile Name | string | Required Readonly |
| requires_private_key | Requires Private Key True if this certificate needs a private key. |
boolean | Required Readonly |
| service_type | Unique Service Type | ServiceType | Required Readonly |
| unique_use | Unique Use True if the certificate used for this service-type cannot be used anywhere else. |
boolean | Required Readonly |
CertificateProfileListResult (schema)
CertificateProfile query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CertificateProfile list. | array of CertificateProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CertificateUsageType (schema)
Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER
| Name | Description | Type | Notes |
|---|---|---|---|
| CertificateUsageType | Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER | string | Enum: SERVER, CLIENT |
ChildAntreaTraceflowConfig (schema)
Wrapper object for AnteaTraceflowConfig
Child wrapper for AntreaTraceflowConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowConfig | AntreaTraceflowConfig Contains the actual AntreaTraceflowConfig object. |
AntreaTraceflowConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildAntreaTraceflowConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBfdProfile (schema)
Wrapper object for BfdProfile
Child wrapper for BfdProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BfdProfile | Bfd Profile Contains the actual BfdProfile object. |
BfdProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBfdProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBgpNeighborConfig (schema)
Wrapper object for BgpNeighborConfig
Child wrapper object for BgpNeighborConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BgpNeighborConfig | BgpNeighborConfig Contains the actual BgpNeighborConfig object. |
BgpNeighborConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBgpNeighborConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBgpRoutingConfig (schema)
Wrapper object for BgpRoutingConfig
Child wrapper object for BgpRoutingConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BgpRoutingConfig | BgpRoutingConfig Contains the actual BgpRoutingConfig object. |
BgpRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBgpRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildByodPolicyServiceInstance (schema)
Wrapper object for ByodPolicyServiceInstance
Child wrapper object for ByodPolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ByodPolicyServiceInstance | ByodPolicyServiceInstance Contains actual ByodPolicyServiceInstance. |
ByodPolicyServiceInstance | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildByodPolicyServiceInstance | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCaBundle (schema)
Child wrapper for CA certificates bundle, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| CaBundle | CaBundle Contains the actual CaBundle object. |
CaBundle | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCaBundle | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationEntry (schema) (Deprecated)
Wrapper object for CommunicationEntry
Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunicationEntry | CommunicationEntry Contains the actual CommunicationEntry object. |
CommunicationEntry | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunicationEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationMap (schema) (Deprecated)
Wrapper object for CommunicationMap
Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunicationMap | CommunicationMap Contains the actual CommunicationMap object. |
CommunicationMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunicationMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunityList (schema)
Wrapper object for CommunityList
Child wrapper object for CommunityList, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunityList | CommunityList Contains the actual CommunityList object |
CommunityList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunityList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildComputeClusterIdfwConfiguration (schema)
Wrapper object for ComputeClusterIdfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| ComputeClusterIdfwConfiguration | ComputeClusterIdfwConfiguration Contains the actual compute cluster idfw configuration object. |
ComputeClusterIdfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildComputeClusterIdfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildConstraint (schema)
Wrapper object for Constraint
Child wrapper object for Constraint, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Constraint | Constraint Contains the actual Constraint object |
Constraint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildConstraint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildConstraintGlobalConfig (schema)
Wrapper object for ConstraintGlobalConfig
Child wrapper object for ConstraintGlobalConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalConfig | ConstraintGlobalConfig Settings to Constraint global configs in NSX/NSX+ application platform. |
ConstraintGlobalConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildConstraintGlobalConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDeploymentZone (schema) (Deprecated)
Wrapper object for DeploymentZone
Child wrapper object for DeploymentZone, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DeploymentZone | DeploymentZone Contains the actual DeploymentZone object |
DeploymentZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDeploymentZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDfwFirewallConfiguration (schema) (Experimental)
Wrapper object for FirewallConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| DfwFirewallConfiguration | Dfw Firewall Configuration Contains the actual dfw firewall configuration list object. |
DfwFirewallConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDfwFirewallConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpRelayConfig (schema)
Wrapper object for DhcpRelayConfig
Child wrapper object for DhcpRelayConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpRelayConfig | DhcpRelayConfig Contains the actual DhcpRelayConfig object |
DhcpRelayConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpRelayConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpServerConfig (schema)
Wrapper object for DhcpServerConfig
Child wrapper object for DhcpServerConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpServerConfig | DhcpServerConfig Contains the actual DhcpServerConfig object |
DhcpServerConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpServerConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpStaticBindingConfig (schema)
Wrapper object for DhcpStaticBindingConfig
Child wrapper for DhcpStaticBindingConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpStaticBindingConfig | DhcpStaticBindingConfig Contains the actual DhcpStaticBindingConfig object. |
DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpStaticBindingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDnsSecurityProfile (schema)
Wrapper object for DnsSecurityProfile
Child wrapper object for DnsSecurityProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsSecurityProfile | DnsSecurityProfile Contains the actual DnsSecurityProfile object |
DnsSecurityProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDnsSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDnsSecurityProfileBindingMap (schema)
Wrapper object for DnsSecurityProfileBindingMap
Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsSecurityProfileBindingMap | DnsSecurityProfileBindingMap Contains the actual DnsSecurityProfileBindingMap object |
DnsSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDnsSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDomain (schema)
Wrapper object for Domain
Child wrapper object for domain, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Domain | Domain Contains the actual domain object. |
Domain | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDomain | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDomainDeploymentMap (schema)
Wrapper object for DomainDeploymentMap
Child wrapper object for DomainDeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| DomainDeploymentMap | DomainDeploymentMap Contains the actual DomainDeploymentMap object. |
DomainDeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDomainDeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEndpointPolicy (schema)
Wrapper object for Endpoint Policy
Child wrapper object for EndpointPolicy used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EndpointPolicy | EndpointPolicy Contains actual EndpointPolicy. |
EndpointPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEndpointPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEndpointRule (schema)
Wrapper object for Endpoint Rule
Child wrapper object for EndpointRule used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EndpointRule | EndpointRule Contains actual EndpointRule. |
EndpointRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEndpointRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEnforcementPoint (schema)
Wrapper object for EnforcementPoint
Child wrapper object for EnforcementPoint, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EnforcementPoint | EnforcementPoint Contains the actual Enforcement point object. |
EnforcementPoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEnforcementPoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEvpnConfig (schema)
Wrapper object for EvpnConfig
Child wrapper object for EvpnConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnConfig | EvpnConfig Contains the actual EvpnConfig object. |
EvpnConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEvpnConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEvpnTunnelEndpointConfig (schema)
Wrapper object for EvpnTunnelEndpointConfig
Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnTunnelEndpointConfig | EvpnTunnelEndpointConfig Contains the actual EvpnTunnelEndpointConfig object. |
EvpnTunnelEndpointConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEvpnTunnelEndpointConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFloodProtectionProfile (schema)
Wrapper object for FloodProtectionProfile
Child wrapper object for FloodProtectionProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfile | FloodProtectionProfile Contains the actual FloodProtectionProfile object |
FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFloodProtectionProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFloodProtectionProfileBindingMap (schema)
Wrapper object for FloodProtectionProfileBindingMap
Child wrapper object for FloodProtectionProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfileBindingMap | FloodProtectionProfileBindingMap Contains the actual FloodProtectionProfileBindingMap object |
FloodProtectionProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFloodProtectionProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingPolicy (schema)
Wrapper object for children of type ForwardingPolicy
Child wrapper object for ForwardingPolicy used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ForwardingPolicy | ForwardingPolicy Contains actual ForwardingPolicy. |
ForwardingPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildForwardingPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingRule (schema)
Wrapper object for ForwardingRule
Child wrapper object for ForwardingRule used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ForwardingRule | ForwardingRule Contains actual ForwardingRule. |
ForwardingRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildForwardingRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFqdnAnalysisConfig (schema)
Wrapper object for FqdnAnalysisConfig
Child wrapper object for FqdnAnalysisConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FqdnAnalysisConfig | FQDN Analysis Config Contains the actual FqdnAnalysisConfig object |
FqdnAnalysisConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFqdnAnalysisConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGatewayPolicy (schema)
Wrapper object for GatewayPolicy
Child wrapper object for GatewayPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GatewayPolicy | GatewayPolicy Contains the actual GatewayPolicy object |
GatewayPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGatewayPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGatewayQosProfile (schema)
Wrapper object for GatewayQosProfile
Child wrapper for GatewayQosProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| GatewayQosProfile | GatewayQosProfile Contains the actual GatewayQosProfile object. |
GatewayQosProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGatewayQosProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGeneralSecurityProfile (schema)
Wrapper object for GeneralSecurityProfile
Child wrapper object for GeneralSecurityProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfile | GeneralSecurityProfile Contains the actual GeneralSecurityProfile object |
GeneralSecurityProfile (Abstract type: pass one of the following concrete types) GatewayGeneralSecurityProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGeneralSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGeneralSecurityProfileBindingMap (schema)
Wrapper object for GeneralSecurityProfileBindingMap
Child wrapper object for GeneralSecurityProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfileBindingMap | GeneralSecurityProfileBindingMap Contains the actual GeneralSecurityProfileBindingMap object |
GeneralSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGeneralSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalConfig (schema)
Wrapper object for GlobalConfig
Child wrapper object for GlobalConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalConfig | GlobalConfig Contains the actual GlobalConfig object. |
GlobalConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalDfwConfiguration (schema) (Experimental)
Wrapper object for GlobalDfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalDfwConfiguration | Global distributed firewall configuration Contains the actual global distributed firewall configuration object. |
GlobalDfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalDfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalIdsSettings (schema)
Wrapper object for GlobalIdsSettings
Child wrapper object for GlobalIdsSettings, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalIdsSettings | GlobalIdsSettings Contains the GlobalIdsSettings object |
GlobalIdsSettings | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalIdsSettings | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalIdsSignature (schema)
Wrapper object for GlobalIdsSignature
Child wrapper object for GlobalIdsSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalIdsSignature | GlobalIdsSignature Contains the GlobalIdsSignature object |
GlobalIdsSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalIdsSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalManager (schema)
Wrapper object for Global Manager
Child wrapper object for Global Manager, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalManager | GlobalManager Contains the actual Global Manager object. |
GlobalManager | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalManager | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroup (schema)
Wrapper object for Group
Child wrapper object for group, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Group | Group Contains the actual group objects. |
Group | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroupDiscoveryProfileBindingMap (schema)
Wrapper object for GroupDiscoveryProfileBindingMap
Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupDiscoveryProfileBindingMap | GroupDiscoveryProfileBindingMap Contains the actual GroupDiscoveryProfileBindingMap object |
GroupDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroupDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroupMonitoringProfileBindingMap (schema)
Wrapper object for GroupMonitoringProfileBindingMap
Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupMonitoringProfileBindingMap | GroupMonitoringProfileBindingMap Contains the actual GroupMonitoringProfileBindingMap object |
GroupMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroupMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPDiscoveryProfile (schema)
Wrapper object for IPDiscoveryProfile
Child wrapper object for IPDiscoveryProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPDiscoveryProfile | IPDiscoveryProfile Contains the actual IPDiscoveryProfile object |
IPDiscoveryProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPDiscoveryProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXDFWCollectorProfile (schema)
Wrapper object for IPFIXDFWCollectorProfile
Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXDFWCollectorProfile | IPFIXDFWCollectorProfile Contains the actual IPFIXDFWCollectorProfile object |
IPFIXDFWCollectorProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXDFWCollectorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXDFWProfile (schema)
Wrapper object for IPFIXDFWProfile
Child wrapper object for IPFIXDFWProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXDFWProfile | IPFIXDFWProfile Contains the actual IPFIXDFWProfile object |
IPFIXDFWProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXDFWProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXL2CollectorProfile (schema)
Wrapper object for IPFIXL2CollectorProfile
Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXL2CollectorProfile | IPFIXL2CollectorProfile Contains the actual IPFIXL2CollectorProfile object |
IPFIXL2CollectorProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXL2CollectorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXL2Profile (schema)
Wrapper object for IPFIXL2Profile
Child wrapper object for IPFIXL2Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXL2Profile | IPFIXL2Profile Contains the actual IPFIXL2Profile object |
IPFIXL2Profile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXL2Profile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnDpdProfile (schema)
Wrapper object for IPSecVpnDpdProfile
Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnDpdProfile | IPSecVpnDpdProfile Contains the actual IPSecVpnDpdProfile object. |
IPSecVpnDpdProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnDpdProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnIkeProfile (schema)
Wrapper object for IPSecVpnIkeProfile
Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnIkeProfile | IPSecVpnIkeProfile Contains the actual IPSecVpnIkeProfile object. |
IPSecVpnIkeProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnIkeProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnLocalEndpoint (schema)
Wrapper object for IPSecVpnLocalEndpoint
Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnLocalEndpoint | IPSecVpnLocalEndpoint Contains the actual IPSecVpnLocalEndpoint object. |
IPSecVpnLocalEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnLocalEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnService (schema)
Wrapper object for IPSecVpnService
Child wrapper object for IPSecVpnService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnService | IPSecVpnService Contains the actual IPSecVpnService object. |
IPSecVpnService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnSession (schema)
Wrapper object for IPSecVpnSession
Child wrapper object for IPSecVpnSession, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnSession | IPSecVpnSession Contains the actual IPSecVpnSession object. |
IPSecVpnSession (Abstract type: pass one of the following concrete types) PolicyBasedIPSecVpnSession RouteBasedIPSecVpnSession |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnSession | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnTunnelProfile (schema)
Wrapper object for IPSecVpnTunnelProfile
Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnTunnelProfile | IPSecVpnTunnelProfile Contains the actual IPSecVpnTunnelProfile object |
IPSecVpnTunnelProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnTunnelProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdentityFirewallStore (schema)
Wrapper object for IdentityFirewallStore
Child wrapper for IdentityFirewallStore, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IdentityFirewallStore | IdentityFirewallStore Contains the actual IdentityFirewallStore object. |
IdentityFirewallStore (Abstract type: pass one of the following concrete types) IdentityFirewallAdStore |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdentityFirewallStore | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsClusterConfig (schema)
Wrapper object for IdsClusterConfig
Child wrapper object for IdsClusterConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsClusterConfig | IdsClusterConfig Contains the IdsClusterConfig object |
IdsClusterConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsClusterConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsGatewayPolicy (schema)
Wrapper object for IdsGatewayPolicy
Child wrapper object for IdsGatewayPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsGatewayPolicy | IdsGatewayPolicy Contains the IdsGatewayPolicy object |
IdsGatewayPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsGatewayPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsGlobalEventConfig (schema)
Wrapper object for IdsGlobalEventConfig
Child wrapper object for IdsGlobalEventConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsGlobalEventConfig | IdsGlobalEventConfig Contains the IdsGlobalEventConfig object |
IdsGlobalEventConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsGlobalEventConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsProfile (schema)
Wrapper object for IdsProfile
Child wrapper object for IdsProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsProfile | IdsProfile Contains the IdsProfile object |
IdsProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsRule (schema)
Wrapper object for IdsRule
Child wrapper object for IdsRule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsRule | IdsRule Contains the IdsRule object |
IdsRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSecurityPolicy (schema)
Wrapper object for IdsSecurityPolicy
Child wrapper object for IdsSecurityPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSecurityPolicy | IdsSecurityPolicy Contains the IdsSecurityPolicy object |
IdsSecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSettings (schema)
Wrapper object for IdsSettings
Child wrapper object for IdsSettings, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSettings | IdsSettings Contains the IdsSettings object |
IdsSettings | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSettings | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignature (schema)
Wrapper object for IdsSignature
Child wrapper object for IdsSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignature | IdsSignature Contains the IdsSignature object |
IdsSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignatureStatus (schema)
Wrapper object for IdsSignatureStatus
Child wrapper object for IdsSignatureStatus, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureStatus | IdsSignatureStatus Contains the IdsSignatureStatus object |
IdsSignatureStatus | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignatureStatus | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignatureVersion (schema)
Wrapper object for IdsSignatureVersion
Child wrapper object for IdsSignatureVersion, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureVersion | IdsSignatureVersion Contains the IdsSignatureVersion object |
IdsSignatureVersion | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignatureVersion | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsStandaloneHostConfig (schema)
Wrapper object for IdsStandaloneHostConfig
Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsStandaloneHostConfig | IdsStandaloneHostConfig Contains the IdsStandaloneHostConfig object |
IdsStandaloneHostConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsStandaloneHostConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildInfra (schema)
Wrapper object for Infra
Child wrapper object for Infra, used in multi-tenancy hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Infra | Infra Contains the actual Infra object |
Infra | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildInfra | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressAllocation (schema)
Wrapper object for IpAddressAllocation
Child wrapper object for IpAddressAllocation, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressAllocation | IpAddressAllocation Contains the actual IpAddressAllocation object |
IpAddressAllocation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressAllocation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressBlock (schema)
Wrapper object for IpAddressBlock
Child wrapper object for IpAddressBlock, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressBlock | IpAddressBlock Contains the actual IpAddressBlock object |
IpAddressBlock | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressBlock | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressPool (schema)
Wrapper object for IpAddressPool
Child wrapper object for IpAddressPool, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPool | IpAddressPool Contains the actual IpAddressPool object |
IpAddressPool | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressPool | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressPoolSubnet (schema)
Wrapper object for IpAddressPoolSubnet
Child wrapper object for IpAddressPoolSubnet, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPoolSubnet | IpAddressPoolSubnet Contains the actual IpAddressPoolSubnet object |
IpAddressPoolSubnet (Abstract type: pass one of the following concrete types) IpAddressPoolBlockSubnet IpAddressPoolStaticSubnet |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressPoolSubnet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpv6DadProfile (schema)
Wrapper object for Ipv6DadProfile
Child wrapper object for Ipv6DadProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Ipv6DadProfile | Ipv6DadProfile Contains the actual Ipv6DadProfile objects |
Ipv6DadProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpv6DadProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpv6NdraProfile (schema)
Wrapper object for Ipv6NdraProfile
Child wrapper object for Ipv6NdraProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Ipv6NdraProfile | Ipv6NdraProfile Contains the actual Ipv6NdraProfile objects |
Ipv6NdraProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpv6NdraProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2BridgeEndpointProfile (schema)
Wrapper object for L2BridgeEndpointProfile
Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L2BridgeEndpointProfile | L2BridgeEndpointProfile Contains the actual L2BridgeEndpointProfile object |
L2BridgeEndpointProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2BridgeEndpointProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VPNService (schema)
Wrapper object for L2VPNService
Child wrapper object for L2VPNService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VPNService | L2VPNService Contains the actual L2VPNService object. |
L2VPNService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VPNService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VPNSession (schema)
Wrapper object for L2VPNSession
Child wrapper object for L2VPNSession, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VPNSession | L2VPNSession Contains the actual L2VPNSession object. |
L2VPNSession | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VPNSession | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2Vpn (schema) (Deprecated)
Wrapper object for L2Vpn
Child wrapper object for L2Vpn, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2Vpn | L2Vpn Contains the actual L2Vpn object. |
L2Vpn | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2Vpn | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VpnContext (schema) (Deprecated)
Wrapper object for L2VpnContext
Child wrapper object for L2VpnContext, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VpnContext | L2VpnContext Contains the actual L2VpnContext object. |
L2VpnContext | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VpnContext | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3Vpn (schema) (Deprecated)
Wrapper object for L3Vpn
Child wrapper object for L3Vpn, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3Vpn | L3Vpn Contains the actual L3Vpn object. |
L3Vpn | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL3Vpn | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3VpnContext (schema) (Deprecated)
Wrapper object for L3VpnContext
Child wrapper object for L3VpnContext, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3VpnContext | L3VpnContext Contains the actual L3VpnContext object. |
L3VpnContext | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL3VpnContext | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL7AccessEntry (schema)
Wrapper object for L7 Access Entry
Child wrapper object for L7 Access Entry, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessEntry | L7 Access Entry Contains the actual L7 access entry object |
L7AccessEntry | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL7AccessEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL7AccessProfile (schema)
Wrapper object for L7 Access Profile
Child wrapper object for L7 Access Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessProfile | L7 access profile Contains the actual L7 access profile object |
L7AccessProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL7AccessProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBAppProfile (schema)
Wrapper object for LBAppProfile
Child wrapper for LBAppProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBAppProfile | LBAppProfile Contains the actual LBAppProfile object. |
LBAppProfile (Abstract type: pass one of the following concrete types) LBFastTcpProfile LBFastUdpProfile LBHttpProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBAppProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBClientSslProfile (schema) (Deprecated)
Wrapper object for LBClientSslProfile
Child wrapper for LBClientSslProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBClientSslProfile | LBClientSslProfile Contains the actual LBClientSslProfile object. |
LBClientSslProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBClientSslProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBMonitorProfile (schema) (Deprecated)
Wrapper object for LBMonitorProfile
Child wrapper for LBMonitorProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBMonitorProfile | LBMonitorProfile Contains the actual LBMonitorProfile object. |
LBMonitorProfile (Abstract type: pass one of the following concrete types) LBActiveMonitor LBHttpMonitorProfile LBHttpsMonitorProfile LBIcmpMonitorProfile LBPassiveMonitorProfile LBTcpMonitorProfile LBUdpMonitorProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBMonitorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBPersistenceProfile (schema)
Wrapper object for LBPersistenceProfile
Child wrapper for LBPersistenceProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBPersistenceProfile | LBPersistenceProfile Contains the actual LBPersistenceProfile object. |
LBPersistenceProfile (Abstract type: pass one of the following concrete types) LBCookiePersistenceProfile LBGenericPersistenceProfile LBSourceIpPersistenceProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBPersistenceProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBPool (schema)
Wrapper object for LBPool
Child wrapper for LBPool, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBPool | LBPool Contains the actual LBPool object. |
LBPool | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBPool | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBServerSslProfile (schema) (Deprecated)
Wrapper object for LBServerSslProfile
Child wrapper for LBServerSslProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBServerSslProfile | LBServerSslProfile Contains the actual LBServerSslProfile object. |
LBServerSslProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBServerSslProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBService (schema)
Wrapper object for LBService
Child wrapper for LBService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBService | LBService Contains the actual LBService object. |
LBService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBVirtualServer (schema)
Wrapper object for LBVirtualServer
Child wrapper for LBVirtualServer, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBVirtualServer | LBVirtualServer Contains the actual LBVirtualServer object. |
LBVirtualServer | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBVirtualServer | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLiveTraceConfig (schema)
Wrapper object for LiveTraceConfig
Child wrapper for LiveTraceConfig for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| LiveTraceConfig | LiveTraceConfig The actual LiveTraceConfig object. |
LiveTraceConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLiveTraceConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLocaleServices (schema)
Wrapper object for LocaleServices
Child wrapper object for LocaleServices, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| LocaleServices | LocaleServices Contains the actual LocaleServices object |
LocaleServices | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLocaleServices | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMacDiscoveryProfile (schema)
Wrapper object for MacDiscoveryProfile
Child wrapper object for MacDiscoveryProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MacDiscoveryProfile | MacDiscoveryProfile Contains the actual MacDiscoveryProfile object |
MacDiscoveryProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMacDiscoveryProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMalwarePreventionProfile (schema)
Wrapper object for MalwarePreventionProfile
Child wrapper object for MalwarePreventionProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MalwarePreventionProfile | MalwarePreventionProfile Contains the MalwarePreventionProfile object |
MalwarePreventionProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMalwarePreventionProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMalwarePreventionSignature (schema)
Wrapper object for MalwarePreventionSignature
Child wrapper object for MalwarePreventionSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MalwarePreventionSignature | MalwarePreventionSignature Contains the MalwarePreventionSignature object |
MalwarePreventionSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMalwarePreventionSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMetadataProxyConfig (schema)
Wrapper object for MetadataProxyConfig
| Name | Description | Type | Notes |
|---|---|---|---|
| MetadataProxyConfig | MetadataProxyConfig Contains the actual MetadataProxyConfig object. |
MetadataProxyConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMetadataProxyConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOdsRunbookInvocation (schema)
Wrapper object for OdsRunbookInvocation
Child wrapper for OdsRunbookInvocation for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OdsRunbookInvocation | OdsRunbookInvocation The actual OdsRunbookInvocation object. |
OdsRunbookInvocation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOdsRunbookInvocation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOdsRunbookInvocationArtifactBatchRequest (schema)
Wrapper object for OdsRunbookInvocationArtifactBatchRequest
Child wrapper for OdsRunbookInvocationArtifactBatchRequest for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OdsRunbookInvocation | OdsRunbookInvocationArtifactBatchRequest The actual OdsRunbookInvocationArtifactBatchRequest object. |
OdsRunbookInvocationArtifactBatchRequest | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOdsRunbookInvocationArtifactBatchRequest | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOpsGlobalConfig (schema)
Wrapper object for OpsGlobalConfig
Child wrapper object for OpsGlobalConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalConfig | OpsGlobalConfig Contains the actual OpsGlobalConfig object. |
OpsGlobalConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOpsGlobalConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOrg (schema)
Wrapper object for Org
Child wrapper object for Org, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Org | Org Contains the actual Org object |
Org | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOrg | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOrgRoot (schema)
Wrapper object for OrgRoot
Child wrapper object for OrgRoot, used in multi-tenancy hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OrgRoot | OrgRoot Contains the actual OrgRoot object |
OrgRoot | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOrgRoot | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOspfAreaConfig (schema)
Wrapper object for OSPF routing config
Child wrapper object for OspfAreaConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| OspfAreaConfig | OspfAreaConfig Contains actual OspfAreaConfig. |
OspfAreaConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOspfAreaConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOspfRoutingConfig (schema)
Wrapper object for OSPF routing config
Child wrapper object for OspfRoutingConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| OspfRoutingConfig | OspfRoutingConfig Contains actual OspfRoutingConfig. |
OspfRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOspfRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyConfigResource (schema)
Represents the desired state object as child resource
Represents an object on the desired state
This is an abstract type. Concrete child types:
ChildAntreaTraceflowConfig
ChildBfdProfile
ChildBgpNeighborConfig
ChildBgpRoutingConfig
ChildByodPolicyServiceInstance
ChildCaBundle
ChildCommunicationEntry
ChildCommunicationMap
ChildCommunityList
ChildComputeClusterIdfwConfiguration
ChildConstraint
ChildDeploymentZone
ChildDfwFirewallConfiguration
ChildDhcpRelayConfig
ChildDhcpServerConfig
ChildDhcpStaticBindingConfig
ChildDomain
ChildDomainDeploymentMap
ChildEndpointPolicy
ChildEndpointRule
ChildEnforcementPoint
ChildEvpnConfig
ChildEvpnTunnelEndpointConfig
ChildFloodProtectionProfile
ChildFloodProtectionProfileBindingMap
ChildForwardingPolicy
ChildForwardingRule
ChildFqdnAnalysisConfig
ChildGatewayPolicy
ChildGatewayQosProfile
ChildGeneralSecurityProfile
ChildGeneralSecurityProfileBindingMap
ChildGlobalDfwConfiguration
ChildGlobalIdsSettings
ChildGlobalIdsSignature
ChildGlobalManager
ChildGroup
ChildGroupMonitoringProfileBindingMap
ChildIPDiscoveryProfile
ChildIPFIXDFWCollectorProfile
ChildIPFIXDFWProfile
ChildIPFIXL2CollectorProfile
ChildIPFIXL2Profile
ChildIPSecVpnDpdProfile
ChildIPSecVpnIkeProfile
ChildIPSecVpnLocalEndpoint
ChildIPSecVpnService
ChildIPSecVpnSession
ChildIPSecVpnTunnelProfile
ChildIdentityFirewallStore
ChildIdsClusterConfig
ChildIdsGatewayPolicy
ChildIdsGlobalEventConfig
ChildIdsProfile
ChildIdsRule
ChildIdsSecurityPolicy
ChildIdsSettings
ChildIdsSignature
ChildIdsSignatureStatus
ChildIdsSignatureVersion
ChildIdsStandaloneHostConfig
ChildIpAddressAllocation
ChildIpAddressBlock
ChildIpAddressPool
ChildIpAddressPoolSubnet
ChildL2VPNService
ChildL2VPNSession
ChildL2Vpn
ChildL2VpnContext
ChildL3Vpn
ChildL3VpnContext
ChildL7AccessEntry
ChildL7AccessProfile
ChildLBAppProfile
ChildLBClientSslProfile
ChildLBMonitorProfile
ChildLBPersistenceProfile
ChildLBPool
ChildLBServerSslProfile
ChildLBService
ChildLBVirtualServer
ChildLiveTraceConfig
ChildLocaleServices
ChildMacDiscoveryProfile
ChildMalwarePreventionProfile
ChildMalwarePreventionSignature
ChildMetadataProxyConfig
ChildOdsRunbookInvocation
ChildOdsRunbookInvocationArtifactBatchRequest
ChildPolicyContextProfile
ChildPolicyDnsForwarder
ChildPolicyDnsForwarderZone
ChildPolicyEdgeCluster
ChildPolicyEdgeNode
ChildPolicyExcludeList
ChildPolicyFirewallIpReputationConfig
ChildPolicyFirewallScheduler
ChildPolicyFirewallSessionTimerProfile
ChildPolicyLabel
ChildPolicyLatencyStatProfile
ChildPolicyNat
ChildPolicyNatRule
ChildPolicySIExcludeList
ChildPolicyServiceChain
ChildPolicyServiceInstance
ChildPolicyServiceProfile
ChildPolicyTransportZone
ChildPolicyTransportZoneProfile
ChildPolicyUrlCategorizationConfig
ChildPolicyVpcNatRule
ChildPortDiscoveryProfileBindingMap
ChildPortMirroringProfile
ChildPortMonitoringProfileBindingMap
ChildPortQoSProfileBindingMap
ChildPortSecurityProfileBindingMap
ChildPrefixList
ChildQoSProfile
ChildRedirectionPolicy
ChildRedirectionRule
ChildRule
ChildSIStatusConfiguration
ChildSecurityFeatures
ChildSecurityPolicy
ChildSegment
ChildSegmentDiscoveryProfileBindingMap
ChildSegmentMonitoringProfileBindingMap
ChildSegmentPort
ChildSegmentQoSProfileBindingMap
ChildSegmentSecurityProfile
ChildSegmentSecurityProfileBindingMap
ChildService
ChildServiceEntry
ChildServiceInstanceEndpoint
ChildServiceInterface
ChildServiceReference
ChildServiceSegment
ChildSessionTimerProfileBindingMap
ChildShaDynamicPlugin
ChildShaPluginProfile
ChildShaPredefinedPlugin
ChildSite
ChildSpoofGuardProfile
ChildStandaloneHostIdfwConfiguration
ChildStaticARPConfig
ChildStaticMimeContent
ChildStaticRouteBfdPeer
ChildStaticRoutes
ChildTagBulkOperation
ChildTier0
ChildTier0DeploymentMap
ChildTier0Interface
ChildTier0InterfaceGroup
ChildTier0RouteMap
ChildTier0SecurityFeatures
ChildTier1
ChildTier1DeploymentMap
ChildTier1Interface
ChildTier1InterfaceGroup
ChildTlsCertificate
ChildTlsCrl
ChildTlsPolicy
ChildTlsProfile
ChildTlsRule
ChildTlsTrustData
ChildTraceflowConfig
ChildVMTagReplicationPolicy
ChildVirtualEndpoint
ChildVniPoolConfig
ChildVpcIpAddressAllocation
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyConfigResource | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyContextProfile (schema)
Wrapper object for PolicyContextProfile
Child wrapper object for PolicyContextProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyContextProfile | PolicyContextProfile Contains the actual PolicyContextProfile objects |
PolicyContextProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyContextProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyCustomAttributes (schema)
Wrapper object for PolicyCustomAttributes
Child wrapper object for PolicyCustomAttributes, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyCustomAttributes | PolicyCustomAttributes Contains the actual PolicyCustomAttributes objects |
PolicyCustomAttributes | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyCustomAttributes | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyDnsForwarder (schema)
Wrapper object for PolicyDnsForwarder
Child wrapper object for PolicyDnsForwarder, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyDnsForwarder | PolicyDnsForwarder Contains the actual PolicyDnsForwarder object |
PolicyDnsForwarder | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyDnsForwarder | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyDnsForwarderZone (schema)
Wrapper object for PolicyDnsForwarderZone
Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyDnsForwarderZone | PolicyDnsForwarderZone Contains the actual PolicyDnsForwarderZone object |
PolicyDnsForwarderZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyDnsForwarderZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyEdgeCluster (schema)
Wrapper object for PolicyEdgeCluster
Child wrapper object for PolicyEdgeCluster, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyEdgeCluster | PolicyEdgeCluster Contains the actual PolicyEdgeCluster object. |
PolicyEdgeCluster | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyEdgeCluster | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyEdgeNode (schema)
Wrapper object for PolicyEdgeNode
Child wrapper object for PolicyEdgeNode, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyEdgeNode | PolicyEdgeNode Contains the actual PolicyEdgeNode object. |
PolicyEdgeNode | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyEdgeNode | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyExcludeList (schema)
Wrapper object for PolicyExcludeList
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyExcludeList | PolicyExcludeList Contains the actual policy exclude list object. |
PolicyExcludeList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyExcludeList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallCPUMemThresholdsProfileBindingMap (schema)
Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap
Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap,
used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallCPUMemThresholdsProfileBindingMap | PolicyFirewallCPUMemThresholdsProfileBindingMap Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object. |
PolicyFirewallCPUMemThresholdsProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallCPUMemThresholdsProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallCpuMemThresholdsProfile (schema)
Wrapper object for PolicyFirewallCpuMemThresholdsProfile
Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in
hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallCpuMemThresholdsProfile | PolicyFirewallCpuMemThresholdsProfile Contains the actual PolicyFirewallCpuMemThresholdsProfile object |
PolicyFirewallCpuMemThresholdsProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallCpuMemThresholdsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallFloodProtectionProfileBindingMap (schema)
Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap
Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallFloodProtectionProfileBindingMap | PolicyFirewallFloodProtectionProfileBindingMap Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object |
PolicyFirewallFloodProtectionProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallFloodProtectionProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallIpReputationConfig (schema)
Wrapper object for PolicyFirewallIpReputationConfig
Child wrapper object for PolicyFirewallIpReputationConfig, used
in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallIpReputationConfig | IP reputation config Contains the actual PolicyFirewallIpReputationConfig object. |
PolicyFirewallIpReputationConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallIpReputationConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallScheduler (schema)
Wrapper object for PolicyFirewallScheduler
Child wrapper object for PolicyFirewallScheduler, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallScheduler | PolicyFirewallScheduler Contains the actual PolicyFirewallScheduler objects |
PolicyFirewallScheduler | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallScheduler | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallSessionTimerProfile (schema)
Wrapper object for PolicyFirewallSessionTimerProfile
Child wrapper object for PolicyFirewallSessionTimerProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallSessionTimerProfile | PolicyFirewallSessionTimerProfile Contains the actual PolicyFirewallSessionTimerProfile object |
PolicyFirewallSessionTimerProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallSessionTimerProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallSessionTimerProfileBindingMap (schema)
Wrapper object for PolicyFirewallSessionTimerProfileBindingMap
Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallSessionTimerProfileBindingMap | PolicyFirewallSessionTimerProfileBindingMap Contains the actual PolicyFirewallSessionTimerProfileBindingMap object |
PolicyFirewallSessionTimerProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallSessionTimerProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyIgmpProfile (schema)
Wrapper object for PolicyIgmpProfile
Child wrapper object for PolicyIgmpProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyIgmpProfile | PolicyIgmpProfile Contains actual PolicyIgmpProfile. |
PolicyIgmpProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyIgmpProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyInterVrfRoutingConfig (schema)
Wrapper object for inter-vrf routing config
Child wrapper object for PolicyInterVrfRoutingConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyInterVrfRoutingConfig | PolicyInterVrfRoutingConfig Contains actual PolicyInterVrfRoutingConfig. |
PolicyInterVrfRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyInterVrfRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyLabel (schema)
Wrapper object for PolicyLabel
Child wrapper object for PolicyLabel, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyLabel | PolicyLabel Contains the actual PolicyLabel object |
PolicyLabel | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyLabel | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyLatencyStatProfile (schema)
Wrapper object for PolicyLatencyStatProfile
Child wrapper object for PolicyLatencyStatProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyLatencyStatProfile | PolicyLatencyStatProfile Contains the actual PolicyLatencyStatProfile object |
PolicyLatencyStatProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyLatencyStatProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyMulticastConfig (schema)
Wrapper object for PolicyMulticastConfig
Child wrapper object for PolicyMulticastConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyMulticastConfig | PolicyMulticastConfig Contains actual PolicyMulticastConfig. |
PolicyMulticastConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyMulticastConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyNat (schema)
Wrapper object for PolicyNat
Child wrapper object for PolicyNat, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyNat | PolicyNat Contains the actual PolicyNAT object |
PolicyNat | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyNat | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyNatRule (schema)
Wrapper object for PolicyNatRule
Child wrapper object for PolicyNatRule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyNatRule | PolicyNatRule Contains the actual PolicyNatRule object |
PolicyNatRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyNatRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyPimProfile (schema)
Wrapper object for PolicyPimProfile
Child wrapper object for PolicyPimProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyPimProfile | PolicyPimProfile Contains actual PolicyPimProfile. |
PolicyPimProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyPimProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicySIExcludeList (schema)
Wrapper object for PolicySIExcludeList
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicySIExcludeList | PolicySIExcludeList Contains the actual policy exclude list object. |
PolicySIExcludeList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicySIExcludeList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceChain (schema)
Wrapper object for PolicyServiceChain
Child wrapper object for PolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceChain | PolicyServiceChain Contains actual PolicyServiceChain. |
PolicyServiceChain | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceChain | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceInstance (schema)
Wrapper object for PolicyServiceInstance
Child wrapper object for PolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceInstance | PolicyServiceInstance Contains actual PolicyServiceInstance. |
PolicyServiceInstance | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceInstance | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceProfile (schema)
Wrapper object for PolicyServiceProfile
Child wrapper object for PolicyServiceProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceProfile | PolicyServiceProfile Contains actual PolicyServiceProfile. |
PolicyServiceProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTier1MulticastConfig (schema)
Wrapper object for PolicyTier1MulticastConfig
Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTier1MulticastConfig | PolicyTier1MulticastConfig Contains actual PolicyTier1MulticastConfig. |
PolicyTier1MulticastConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTier1MulticastConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTransportZone (schema)
Wrapper object for PolicyTransportZone
Child wrapper object for PolicyTransportZone, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTransportZone | PolicyTransportZone Contains the actual PolicyTransportZone object. |
PolicyTransportZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTransportZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTransportZoneProfile (schema)
Wrapper object for PolicyTransportZoneProfile
Child wrapper object for PolicyTransportZoneProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTransportZoneProfile | PolicyTransportZoneProfile Contains the actual PolicyTransportZoneProfile object. |
PolicyTransportZoneProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTransportZoneProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyUrlCategorizationConfig (schema)
Wrapper object for PolicyUrlCategorizationConfig
Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyUrlCategorizationConfig | URL Categorization Config Contains the actual PolicyUrlCategorizationConfig object |
PolicyUrlCategorizationConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyUrlCategorizationConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyVpcNatRule (schema)
Wrapper object for PolicyVpcNatRule
Child wrapper object for PolicyVpcNatRule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyVpcNatRule | Policy VPC Nat Rule Contains the actual Policy VPC Nat Rule object |
PolicyVpcNatRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyVpcNatRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortDiscoveryProfileBindingMap (schema)
Wrapper object for PortDiscoveryProfileBindingMap
Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortDiscoveryProfileBindingMap | PortDiscoveryProfileBindingMap Contains the actual PortDiscoveryProfileBindingMap object |
PortDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortMirroringProfile (schema)
Wrapper object for PortMirroringProfile
Child wrapper object for PortMirroringProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortMirroringProfile | PortMirroringProfile Contains the actual PortMirroringProfile object |
PortMirroringProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortMirroringProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortMonitoringProfileBindingMap (schema)
Wrapper object for PortMonitoringProfileBindingMap
Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortMonitoringProfileBindingMap | PortMonitoringProfileBindingMap Contains the actual PortMonitoringProfileBindingMap object |
PortMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortQoSProfileBindingMap (schema)
Wrapper object for PortQoSProfileBindingMap
Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortQoSProfileBindingMap | PortQoSProfileBindingMap Contains the actual PortQoSProfileBindingMap object |
PortQoSProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortQoSProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortSecurityProfileBindingMap (schema)
Wrapper object for PortSecurityProfileBindingMap
Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortSecurityProfileBindingMap | PortSecurityProfileBindingMap Contains the actual PortSecurityProfileBindingMap object |
PortSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPrefixList (schema)
Wrapper object for PrefixList
Child wrapper object for PrefixList, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PrefixList | PrefixList Contains the actual PrefixList object. |
PrefixList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPrefixList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildProject (schema)
Wrapper object for PROJECT
Child wrapper object for Project, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Project | PROJECT Contains the actual Project object |
Project | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildProject | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildProjectRouteFilter (schema)
Wrapper object for project route filter
Child wrapper object for ProjectRouteFilter used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ProjectRouteFilter | ProjectRouteFilter Contains actual ProjectRouteFilter. |
ProjectRouteFilter | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildProjectRouteFilter | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildQoSProfile (schema)
Wrapper object for QoSProfile
Child wrapper object for QoSProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| QoSProfile | QoSProfile Contains the actual QoSProfile object |
QoSProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildQoSProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildReaction (schema)
Wrapper object for Reaction
Child wrapper object for Reaction used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Reaction | Reaction Contains the actual Reaction object. |
Reaction | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildReaction | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildRedirectionPolicy (schema)
Wrapper object for RedirectionPolicy
Child wrapper object for RedirectionPolicy used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| RedirectionPolicy | RedirectionPolicy Contains actual RedirectionPolicy. |
RedirectionPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRedirectionPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildRedirectionRule (schema)
Wrapper object for RedirectionRule
Child wrapper object for ChildRedirectionRule used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| RedirectionRule | RedirectionRule Contains actual RedirectionRule. |
RedirectionRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRedirectionRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildResourceReference (schema)
Represents the reference to ChildPolicyConfigResource
Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildResourceReference | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_type | The target type of this reference | string | Required |
ChildRule (schema)
Wrapper object for Rule
Child wrapper object for Rule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Rule | Rule Contains the actual Rule object |
Rule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSIStatusConfiguration (schema) (Experimental)
Wrapper object for PolicySIStatusConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicySIStatusConfiguration | Contains the actual service insertion status configuration list object.
|
PolicySIStatusConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSIStatusConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSecurityFeatures (schema)
Wrapper object for Security Feature
Child wrapper object for T1 Security Feature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SecurityFeatures | Security configs Contains the actual SecurityFeatures object |
SecurityFeatures | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSecurityFeatures | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSecurityPolicy (schema)
Wrapper object for SecurityPolicy
Child wrapper object for SecurityPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SecurityPolicy | SecurityPolicy Contains the actual SecurityPolicy object |
SecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegment (schema)
Wrapper object for Segment
Child wrapper object for Segment, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Segment | Segment Contains the actual Segment object. |
Segment | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegment | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentDiscoveryProfileBindingMap (schema)
Wrapper object for SegmentDiscoveryProfileBindingMap
Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentDiscoveryProfileBindingMap | SegmentDiscoveryProfileBindingMap Contains the actual SegmentDiscoveryProfileBindingMap object |
SegmentDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentMonitoringProfileBindingMap (schema)
Wrapper object for SegmentMonitoringProfileBindingMap
Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentMonitoringProfileBindingMap | SegmentMonitoringProfileBindingMap Contains the actual SegmentMonitoringProfileBindingMap object |
SegmentMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentPort (schema)
Wrapper object for SegmentPort
Child wrapper object for SegmentPort, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentPort | SegmentPort Contains the actual SegmentPort object |
SegmentPort | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentPort | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentQoSProfileBindingMap (schema)
Wrapper object for SegmentQoSProfileBindingMap
Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentQoSProfileBindingMap | SegmentQoSProfileBindingMap Contains the actual SegmentQoSProfileBindingMap object |
SegmentQoSProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentQoSProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentSecurityProfile (schema)
Wrapper object for SegmentSecurityProfile
Child wrapper object for SegmentSecurityProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentSecurityProfile | SegmentSecurityProfile Contains the actual SegmentSecurityProfile object |
SegmentSecurityProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentSecurityProfileBindingMap (schema)
Wrapper object for SegmentSecurityProfileBindingMap
Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentSecurityProfileBindingMap | SegmentSecurityProfileBindingMap Contains the actual SegmentSecurityProfileBindingMap object |
SegmentSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildService (schema)
Wrapper object for Service
Child wrapper object for Service, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Service | Service Contains the actual Service object. |
Service | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceEntry (schema)
Wrapper object for ServiceEntry
Child wrapper object for ServiceEntry, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Service | ServiceEntry This is a deprecated property, Please use 'ServiceEntry' instead. |
ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Deprecated |
| ServiceEntry | ServiceEntry Contains the actual ServiceEntry object. |
ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceInstanceEndpoint (schema)
Wrapper object for ServiceInstanceEndpoint
Child wrapper object for ServiceInstanceEndpoint used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceInstanceEndpoint | ServiceInstanceEndpoint Contains actual ServiceInstanceEndpoint. |
ServiceInstanceEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceInstanceEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceInterface (schema)
Wrapper object for ServiceInterface
Child wrapper object for ServiceInterface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceInterface | ServiceInterface Contains the actual ServiceInterface object. |
ServiceInterface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceInterface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceReference (schema)
Wrapper object for ServiceReference
Child wrapper object for ServiceReference used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceReference | ServiceReference Contains actual ServiceReference. |
ServiceReference | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceReference | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceSegment (schema)
Wrapper object for SerivceSegment
Child wrapper object for ServiceSegment, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceSegment | ServiceSegments Contains the actual ServiceSegment objects |
ServiceSegment | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceSegment | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSessionTimerProfileBindingMap (schema)
Wrapper object for SessionTimerProfileBindingMap
Child wrapper object for SessionTimerProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SessionTimerProfileBindingMap | SessionTimerProfileBindingMap Contains the actual SessionTimerProfileBindingMap object |
SessionTimerProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSessionTimerProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaDynamicPlugin (schema)
Wrapper object for ShaDynamicPlugin
Child wrapper object for ShaDynamicPlugin, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaDynamicPlugin Contains the actual ShaDynamicPlugin object |
ShaDynamicPlugin | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaDynamicPlugin | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaPluginProfile (schema)
Wrapper object for ShaPluginProfile
Child wrapper object for ShaPluginProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaPluginProfile Contains the actual ShaPluginProfile object |
ShaPluginProfile (Abstract type: pass one of the following concrete types) ShaDynamicPluginProfile ShaPredefinedPluginProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaPluginProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaPredefinedPlugin (schema)
Wrapper object for ShaDynamicPlugin
Child wrapper object for ShaPredefinedPlugin, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaPredefinedPlugin Contains the actual ShaPredefinedPlugin object |
ShaPredefinedPlugin | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaPredefinedPlugin | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShare (schema)
Wrapper object for Share
Child wrapper object for Share, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Share | Share Contains the actual Share object |
Share | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShare | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSharedResource (schema)
Wrapper object for SharedResource
Child wrapper object for SharedResource, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SharedResource | SharedResource Contains the actual SharedResource object |
SharedResource | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSharedResource | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSite (schema)
Wrapper object for Site
Child wrapper object for Site, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Site | Site Contains the actual Site object. |
Site | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSite | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSpoofGuardProfile (schema)
Wrapper object for SpoofGuardProfile
Child wrapper object for SpoofGuardProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SpoofGuardProfile | SpoofGuardProfile Contains the actual SpoofGuardProfile object |
SpoofGuardProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSpoofGuardProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStandaloneHostIdfwConfiguration (schema)
Wrapper object for StandaloneHostIdfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| StandaloneHostIdfwConfiguration | StandaloneHostIdfwConfiguration Contains the actual standalone host idfw configuration object. |
StandaloneHostIdfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStandaloneHostIdfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticARPConfig (schema)
Wrapper object for StaticARPConfig
Child wrapper object for StaticARPConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| StaticARPConfig | StaticARPConfig Contains the actual StaticARPConfig object. |
StaticARPConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticARPConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticMimeContent (schema)
Wrapper object for Child Static MIME content
Child wrapper object for Static MIME content, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsProfile | Static Mime Content Contains the actual Static MIME content object. |
StaticMimeContent | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticMimeContent | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticRouteBfdPeer (schema)
Wrapper object for StaticRouteBfdPeer
Child wrapper for StaticRouteBfdPeer, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BfdPeer | Static Route BFD Peer Contains the actual StaticRouteBfdPeer object. |
StaticRouteBfdPeer | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticRouteBfdPeer | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticRoutes (schema)
Wrapper object for StaticRoutes
Child wrapper object for StaticRoutes, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| StaticRoutes | StaticRoutes Contains the actual StaticRoutes object. |
StaticRoutes | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticRoutes | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTagBulkOperation (schema)
Child wrapper object for TagBulkOperation
Child wrapper object for TagBulkOperation, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TagBulkOperation | TagBulkOperation Contains actual TagBulkOperation object. |
TagBulkOperation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTagBulkOperation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0 (schema)
Wrapper object for Tier-0
Child wrapper object for Tier-0, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0 | Tier-0 Contains the actual Tier-0 object. |
Tier0 | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0 | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0DeploymentMap (schema)
Wrapper object for Tier0DeploymentMap
Child wrapper object for Tier0DeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0DeploymentMap | Tier0DeploymentMap Contains the actual Tier0DeploymentMap object. |
Tier0DeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0DeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0Interface (schema)
Wrapper object for Tier0Interface
Child wrapper object for Tier0Interface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0Interface | Tier0Interface Contains the actual Tier0Interface object. |
Tier0Interface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0Interface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0InterfaceGroup (schema)
Wrapper object for Tier0InterfaceGroup
Child wrapper object for Tier0InterfaceGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0InterfaceGroup | Tier0InterfaceGroup Contains the actual Tier0InterfaceGroup object. |
Tier0InterfaceGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0InterfaceGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0RouteMap (schema)
Wrapper object for Tier0RouteMap
Child wrapper object for Tier0RouteMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0RouteMap | Tier0RouteMap Contains the actual Tier0RouteMap object |
Tier0RouteMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0RouteMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0SecurityFeatures (schema)
Wrapper object for T0 Security Feature
Child wrapper object for T0 Security Feature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0SecurityFeatures | T0 Security configs Contains the actual TO SecurityFeatures object |
Tier0SecurityFeatures | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0SecurityFeatures | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1 (schema)
Wrapper object for Tier-1
Child wrapper object for Tier-1 , used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1 | Tier-1 Contains the actual Tier-1 object. |
Tier1 | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1 | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1DeploymentMap (schema)
Wrapper object for Tier1DeploymentMap
Child wrapper object for Tier1DeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1DeploymentMap | Tier1DeploymentMap Contains the actual Tier1DeploymentMap object. |
Tier1DeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1DeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1Interface (schema)
Wrapper object for Tier1Interface
Child wrapper object for Tier1Interface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1Interface | Tier1Interface Contains the actual Tier1Interface object. |
Tier1Interface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1Interface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1InterfaceGroup (schema)
Wrapper object for Tier1InterfaceGroup
Child wrapper object for Tier1InterfaceGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1InterfaceGroup | Tier1InterfaceGroup Contains the actual Tier1InterfaceGroup object. |
Tier1InterfaceGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1InterfaceGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsCertificate (schema)
Wrapper object for TlsCertificate
Child wrapper for TlsCertificate, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsCertificate | TlsCertificate Contains the actual TlsCertificate object. |
TlsCertificate | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsCertificate | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsCrl (schema)
Wrapper object for TlsCrl
Child wrapper for TlsCrl, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsCrl | TlsCrl Contains the actual TlsCrl object. |
TlsCrl | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsCrl | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsPolicy (schema)
Wrapper object for TlsPolicy
Child wrapper object for TLSPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsPolicy | TlsPolicy Contains the actual TLSPolicy object |
TlsPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsProfile (schema)
Wrapper object for Child TLS Profile
Child wrapper object for TLS Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsProfile | TLS Profile Contains the actual TLS profile object. |
TlsProfile (Abstract type: pass one of the following concrete types) TlsInspectionExternalProfile TlsInspectionInternalProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsRule (schema)
Wrapper object for Rule
Child wrapper object for Rule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsRule | TLS Rule Contains the actual TLS Rule object |
TlsRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsTrustData (schema)
Wrapper object for TlsTrustData
Child wrapper for TlsTrustData, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsTrustData | TlsTrustData Contains the actual TlsTrustData object. |
TlsTrustData | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsTrustData | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTraceflowConfig (schema)
Wrapper object for TraceflowConfig
Child wrapper for TraceflowConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowConfig | TraceflowConfig Contains the actual TraceflowConfig object. |
TraceflowConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTraceflowConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTypesRequestParameter (schema)
Filter to populate child types of the policyConfigResource
Specified child resource types will be populated in the response body
| Name | Description | Type | Notes |
|---|---|---|---|
| base_path | Base Path for retrieving hierarchical intent Base path of the resource for which user wants to retrieve the hierarchy. This should be the fully qualified path for the resource. - Sample examples - base_path=/infra/domains/default/groups/Group1 base_path=/infra/domains/default/security-policies/SecurityPolicy1/rules/Rule1 |
string | |
| filter | Filter string as java regex Filter string, can contain multiple or single java regular expressions separated by ';'. By default populates immediate child resources of the resource indicated by the URL. These child resources will be filtered by the type provided in the filter. It is recommended to use type_filter parameter instead of filter parameter. - Sample query string to prevent loading services and deployment zones: filter=Type-^(?!.*?(?:Service|DeploymentZone)).*$ - Sample query string to populate all the Group objects under Infra & Domain: filter=Type-Domain%7CGroup - Sample query string to load every policy object under Infra: filter=Type-.* |
string | |
| type_filter | Filter string to retrieve hierarchy. Advanced filter string in which user can directly specify the resourceTypes to be filtered. Can be used in conjunction with base_path. - Sample example of type_filter to load all groups - type_filter=Group - Sample example of multiple type_filter - type_filter=Group;SercurityPolicy;RedirectionPolicy - Sample example to load all groups in default domain using base_path in conjunction with type_filter - base_path=/infra/domains/default&type_filter=Group |
string |
ChildVMTagReplicationPolicy (schema)
Wrapper object for VMTagReplicationPolicy
Child wrapper object for VMTagReplicationPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| VMTagReplicationPolicy | VMTagReplicationPolicy Contains the actual VMTagReplicationPolicy object |
VMTagReplicationPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVMTagReplicationPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVirtualEndpoint (schema)
Wrapper object for VirtualEndpoint
Child wrapper object for VirtualEndpoint used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| VirtualEndpoint | VirtualEndpoint Contains reference to actual VirtualEndpoint. |
VirtualEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVirtualEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVniPoolConfig (schema)
Wrapper object for VniPoolConfig
Child wrapper object for VniPoolConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| VniPoolConfig | VniPoolConfig Contains the actual VniPoolConfig object. |
VniPoolConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVniPoolConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVpc (schema)
Wrapper object for VPC
Child wrapper object for VPC, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Vpc | VPC Contains the actual VPC object |
Vpc | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVpc | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVpcIpAddressAllocation (schema)
Wrapper object for VpcIpAddressAllocation
Child wrapper object for IpAddressAllocation, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| VpcIpAddressAllocation | VpcIpAddressAllocation Contains the actual VpcIpAddressAllocation object |
VpcIpAddressAllocation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVpcIpAddressAllocation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVpcSubnet (schema)
Wrapper object for VPC Subnet
Child wrapper object for VPC Subnet, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| VpcSubnet | VPC Subnet Contains the actual VPC Subnet object |
VpcSubnet | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVpcSubnet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVpcSubnetPort (schema)
Wrapper object for VPC Subnet Port
Child wrapper object for VPC Subnet Port, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| VpcSubnetPort | VPC Subnet Port Contains the actual VPC Subnet Port object |
VpcSubnetPort | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVpcSubnetPort | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CidrArrayConstraintValue (schema)
Array of CIDR Values to perform operation
List of CIDR values
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value CidrArrayConstraintValue | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
| values | Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". |
array of IPElement | Required Minimum items: 1 Maximum items: 100 |
CipherSuite (schema)
HTTP cipher suite
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Enable status for this cipher suite | boolean | Required |
| name | Name of the TLS cipher suite | string | Required |
ClaimMap (schema)
Claim map
Information about how to map a single OIDC ID token claim to one or more NSX roles.
| Name | Description | Type | Notes |
|---|---|---|---|
| claim_name | string | ||
| value_to_role_map | array of ClaimValueToRoleMap |
ClaimValueToRoleMap (schema)
Claim value map
| Name | Description | Type | Notes |
|---|---|---|---|
| claim_value | Claim value The value of the claim to map. |
string | |
| roles | Mapped roles The NSX roles that this particular claim value should map to. |
array of string |
ClasslessStaticRoute (schema) (Deprecated)
DHCP classless static route option
DHCP classless static route option.
| Name | Description | Type | Notes |
|---|---|---|---|
| network | Destination in CIDR Destination network in CIDR format. |
IPElement | Required |
| next_hop | Router IP address of next hop of the route. |
IPAddress | Required |
ClientAuthType (schema) (Deprecated)
client authentication mode
Client authentication could be REQUIRED or IGNORE.
REQUIRED means that client is required to present its
certificate to the server for authentication. To be accepted, client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self signed
certificates are specified in the same client SSL profile binding.
IGNORE means that client certificate would be ignored.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClientAuthType | client authentication mode Client authentication could be REQUIRED or IGNORE. REQUIRED means that client is required to present its certificate to the server for authentication. To be accepted, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified in the same client SSL profile binding. IGNORE means that client certificate would be ignored. |
string | Deprecated Enum: REQUIRED, IGNORE |
ClusterBackupInfo (schema)
Cluster backup details
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address or FQDN of the node from which the backup was taken | string | Required Readonly Format: hostname-or-ip |
| node_id | ID of the node from which the backup was taken | string | Required Readonly |
| restore_type | Type of restore allowed | array of string | Readonly Enum: REGULAR_RESTORE, POLICY_ONLY_RESTORE Default: "[]" |
| timestamp | timestamp of the cluster backup file | EpochMsTimestamp | Required Readonly |
ClusterBackupInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of timestamps of backed-up cluster files | array of ClusterBackupInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ClusterCertificateId (schema)
Cluster Certificate ID
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_id | Certificate ID | string | Required |
ClusterMemberDetails (schema)
Group member details
Details of the member belonging to a Group
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | The Antrea cluster id of the pod | string | Required Readonly |
| cluster_name | The Antrea cluster name of the pod | string | Required Readonly |
| namespaces | array of NamespaceMemberDetails | Required |
ClusterNodeRole (schema)
Cluster node role
Enumerates the roles that can be specified in VM auto-deployment.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClusterNodeRole | Cluster node role Enumerates the roles that can be specified in VM auto-deployment. |
string | Enum: CONTROLLER, MANAGER |
ClusterNodeVMDeletionParameters (schema)
Parameters for DeleteAutoDeployedClusterNodeVM
Parameters for deletion of a cluster node VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| force_delete | Delete by force If true, the VM will be undeployed even if it cannot be removed from its cluster. |
boolean |
ClusterNodeVMDeploymentConfig (schema)
Configuration for deploying cluster node VM
Contains info used to configure the VM on deployment
| Name | Description | Type | Notes |
|---|---|---|---|
| placement_type | Type of deployment Specifies the config for the platform through which to deploy the VM |
string | Required Enum: VsphereClusterNodeVMDeploymentConfig |
ClusterNodeVMDeploymentRequest (schema)
Info for an auto-deployment request
Contains the deployment information for a cluster node VM soon to be
deployed or already deployed by the Manager
| Name | Description | Type | Notes |
|---|---|---|---|
| deployment_config | Deployment config for cluster node VM Info needed to configure a cluster node VM at deployment for a specific platform. May require different parameters depending on the method used to deploy the VM. |
ClusterNodeVMDeploymentConfig (Abstract type: pass one of the following concrete types) ClusterNodeVMDeploymentConfig VsphereClusterNodeVMDeploymentConfig |
Required |
| form_factor | Form factor for cluster node VMs Specifies the desired "size" of the VM |
ClusterNodeVMFormFactor | Default: "MEDIUM" |
| roles | Cluster node roles of the VM List of cluster node role (or roles) which the VM should take on. They specify what type (or types) of cluster node which the new VM should act as. Currently both CONTROLLER and MANAGER must be provided, since this permutation is the only one supported now. |
array of ClusterNodeRole | Required |
| user_settings | User settings for the VM Username and password settings for the cluster node VM. Passwords must be at least 12 characters in length and contain at least one lowercase, one uppercase, one numerical, and one special character. Note: These settings will be honored only during VM deployment. Post-deployment, CLI must be used for changing the user settings and changes to these parameters will not have any effect. |
NodeUserSettings | Required |
| vm_id | ID of VM used to recognize it ID of the VM maintained internally and used to recognize it. Note: This is automatically generated and cannot be modified. |
string | Readonly |
ClusterNodeVMDeploymentRequestList (schema)
ClusterNodeVMDeploymentRequest list
List of ClusterNodeVMDeploymentRequests
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Results Array of existing ClusterNodeVMDeploymentRequests |
array of ClusterNodeVMDeploymentRequest | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ClusterNodeVMDeploymentStatusReport (schema)
Report of a VM's deployment status
Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.
| Name | Description | Type | Notes |
|---|---|---|---|
| deployment_progress_state | Deployment progress state of node VM Detailed progress state of node VM deployment realization |
VMDeploymentProgressState | Readonly |
| failure_code | Error code for failure In case of auto-deployment-related failure, the code for the error will be stored here. |
integer | |
| failure_message | Error message for failure In case of auto-deployment-related failure, an error message will be stored here. |
string | |
| status | Auto-deployed VM's deployment status Status of the addition or deletion of an auto-deployed cluster node VM. |
string | Required Enum: UNKNOWN_STATE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, WAITING_TO_REGISTER_VM, VM_REGISTRATION_FAILED, VM_WAITING_TO_CLUSTER, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_CLUSTERING_IN_PROGRESS, VM_CLUSTERING_FAILED, VM_CLUSTERING_SUCCESSFUL, WAITING_TO_UNDEPLOY_VM, VM_DECLUSTER_IN_PROGRESS, VM_DECLUSTER_FAILED, VM_DECLUSTER_SUCCESSFUL, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL |
ClusterNodeVMFormFactor (schema)
Supported VM form factor for cluster nodes
Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClusterNodeVMFormFactor | Supported VM form factor for cluster nodes Specifies the desired "size" of the VM. Affects number of virtual CPUs and/or memory size given to the new cluster node VM. |
string | Enum: SMALL, MEDIUM, LARGE |
ClusterRestoreStatus (schema)
Cluster restore status
| Name | Description | Type | Notes |
|---|---|---|---|
| allowed_actions | List of actions that are allowed. | array of string | Readonly Default: "[]" |
| backup_timestamp | Timestamp when backup was initiated in epoch millisecond | EpochMsTimestamp | Readonly |
| endpoints | The list of allowed endpoints, based on the current state of the restore process | array of ResourceLink | Required Readonly |
| id | Unique id for backup request | string | Readonly |
| instructions | Instructions for users to reconcile Restore operations | array of InstructionInfo | Readonly |
| not_allowed_actions | List of actions that are not allowed | array of string | Readonly Enum: VC_UPDATES Default: "[]" |
| restore_end_time | Timestamp when restore was completed in epoch millisecond | EpochMsTimestamp | Readonly |
| restore_start_time | Timestamp when restore was started in epoch millisecond | EpochMsTimestamp | Readonly |
| status | GlobalRestoreStatus | ||
| step | RestoreStep | ||
| total_steps | Total number of steps in the entire restore process | integer | Readonly |
ClusterRestoreStatusRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| restore_component | string | Readonly Enum: LOCAL_MANAGER, GLOBAL_MANAGER Default: "LOCAL_MANAGER" |
ClusterVirtualIpProperties (schema)
Cluster virtual IP properties
| Name | Description | Type | Notes |
|---|---|---|---|
| force | On enable it ignores duplicate address detection and DNS lookup validation check | string | Enum: true, false Default: "false" |
| ip6_address | Virtual IPv6 address, :: if not configured | string | |
| ip_address | Virtual IP address, 0.0.0.0 if not configured | string |
ClusteringConfig (schema)
Configuration for VM's clustering
Configuration for automatically joining a cluster node to the
cluster after it is deployed. ClusteringConfig is required
if any of the deployment nodes has CONTROLLER role.
| Name | Description | Type | Notes |
|---|---|---|---|
| clustering_type | Type for the clustering config Specifies the type of clustering config to be used. |
string | Required Enum: ControlClusteringConfig |
ColumnItem (schema)
Grid Column
Represents a column of the Grid
| Name | Description | Type | Notes |
|---|---|---|---|
| column_identifier | Identifier for this column Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns. |
string | |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. |
string | Maximum length: 255 |
| field | Column Field Field from which values of the column will be derived. |
string | Required Maximum length: 1024 |
| hidden | Hide the column If set to true, hides the column |
boolean | Default: "False" |
| label | Column Label Label of the column. |
Label | Required |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. |
string | Maximum length: 1024 |
| render_configuration | Render Configuration Render configuration to be applied, if any. |
array of RenderConfiguration | |
| sort_ascending | Represents order of sorting the values If true, the value of the column are sorted in ascending order. Otherwise, in descending order. |
boolean | Default: "True" |
| sort_key | Key for sorting on this column Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested. |
string | Maximum length: 255 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over a cell in the grid. |
array of Tooltip | |
| type | Field data type Data type of the field. |
string | Required Enum: String, Number, Date Maximum length: 255 Default: "String" |
CommunicationEntry (schema) (Deprecated)
A communication entry specifies the security policy between the workload groups
A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services. |
string | Enum: ALLOW, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| logged | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunicationEntry | string | |
| scope | The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this CommunicationEntry This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number |
int | |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| tag | Tag applied on the communication entry User level field which will be printed in CLI and packet logs. |
string | Maximum length: 32 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunicationMap (schema) (Deprecated)
Contains ordered list of CommunicationEntries
Ordered list of CommunicationEntries. This object is created by default
along with the Domain.
This type is deprecated. Use the type SecurityPolicy instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a communication map, if needed. - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| communication_entries | CommunicationEntries that are a part of this CommunicationMap | array of CommunicationEntry | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| precedence | Precedence to resolve conflicts across Domains This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence |
int | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunicationMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunityList (schema)
Community list for BGP routing configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| communities | List of BGP community entries List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported. |
array of string | Required Minimum items: 1 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunityList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunityListListResult (schema)
Paged collection of CommunityLists
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CommunityList results | array of CommunityList | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CommunityMatchCriteria (schema)
Match criteria based on a community list
| Name | Description | Type | Notes |
|---|---|---|---|
| criteria | Match criteria based on community list path or a regular expression Match criteria specified as a community list path or a regular expression. |
string | Required |
| match_operator | Match operator for community list entries Match operator for community list entries. Not valid when a regular expression is specified for criteria. |
string | Enum: MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_COMMUNITY_REGEX, MATCH_LARGE_COMMUNITY_REGEX |
CompatibilityCheckResult (schema)
Precheck result for onboaring standby Global Manager or remote Site to
federation
Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_nsx_version | Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running. |
string | Readonly |
| nsx_version | Remote Site NSX version Remote Site NSX version. |
string | Readonly |
| rtt | Round trip time to the remote Site or Global Manager from active
Global Manager
Round trip time to the remote Site or Global Manager from active Global Manager. |
integer | Readonly |
| rtt_exceeded | Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit. |
boolean | Readonly |
| version_compatible | Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager. |
boolean | Readonly |
CompatibilityDetail (schema)
Feature Compatibility Details
Feature compatibility status details indicating specific site configuration
incompatibility with global manager configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| attributes | Additional Attributes | array of OnboardingAttribute | Readonly Maximum items: 20 |
| status_code | Status Code Unique integer number indicating configuration incompatibility. |
integer | Required Readonly |
| status_message | Status Message A brief explaination of status code. |
string | Readonly |
ComponentTargetVersion (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | string | Required Readonly |
|
| target_version | string | Required Readonly |
ComponentTypeListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type on which the action is performed or on which the results are filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ComponentUpgradeChecksInfo (schema)
Meta-data of pre/post-upgrade checks for a component
Meta-data of pre/post-upgrade checks for a component
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Component type of the pre/post-upgrade checks |
string | Required |
| post_upgrade_checks_info | Collection of post-upgrade checks | array of UpgradeCheckInfo | |
| pre_upgrade_checks_info | Collection of pre-upgrade checks | array of UpgradeCheckInfo |
ComponentUpgradeChecksInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Collection of info of pre/post-upgrade checks for components | array of ComponentUpgradeChecksInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ComponentUpgradeStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
ComputeClusterIdfwConfiguration (schema)
Compute cluster idfw configuration
Idfw configuration for activate/deactivate idfw on cluster level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cluster_idfw_enabled | Idfw enabled flag If set to true, idfw is enabled for this cluster |
boolean | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_stale | Cluster stale flag If set to true, this cluster has been deleted from NSX. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member | PolicyResourceReference Contains actual policy resource reference object |
PolicyResourceReference | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ComputeClusterIdfwConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Condition (schema)
Represents the leaf level condition
Represents the leaf level condition. Evaluation of the condition expression
will be case insensitive.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| exclude | Members to be excluded from the condition List of members to be excluded from the condition. This field is applicable only for condition representing the list of malicious IPs. Only IPAddressExpression and PathExpression are supported. The PathExpression should have paths of Groups that of the group_type IPAddress. Multiple PathExpressions are not supported here. |
ExcludedMembersList | |
| id | Unique identifier of this resource | string | Sortable |
| key | Key | string | Required Enum: Tag, Name, OSName, ComputerName, NodeType, GroupType, ALL, IPAddress, PodCidr |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_type | Group member type For global groups (groups created from Global Manager), the supported Member Types are - VirtualMachine, Segment, SegmentPort, Group, DVPG and DVPort. For local groups (groups created on the local policy manager), the supported member types are IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService and KubernetesNode. |
string | Required Enum: IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, IPAddress, VpcSubnet, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode, VpcSubnetPort |
| operator | operator Operator is made non-mandatory to support Segment and SegmentPort tag based expression. To evaluate expression for other types, operator value should be provided. |
string | Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH, NOTEQUALS, NOTIN, MATCHES, IN |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Condition | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| scope_operator | operator Default operator when not specified explicitly would be considered as EQUALS. If value for Condition is empty, then condition will not be evaluated. For example, Condition with key as Tag and value as "|tag" would be evaluated for tag value not for empty scope value. |
string | Enum: EQUALS, NOTEQUALS |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| value | Value | string | Required Minimum length: 1 |
ConditionalValueConstraintExpression (schema)
Represents the leaf level conditional value constraint.
Represents the leaf level expression to restrict the target attribute value
based on the set of existing values. Generally, used in combination with
RelatedAttributeConditionalExpression to constraint the values related to
another attribute on the same resource. This object is always used in
conjunction with some exression.
Example -
{
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"EXCLUDES",
"values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"]
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| operator | Set operation to constraint values. INCLUDES_ANY operator supported only for StringArrayConstraintValue |
string | Required Enum: INCLUDES, INCLUDES_ANY, EXCLUDES, EQUALS |
| rhs_value | Array of values to perform operation. List of values. |
array of string | |
| rhs_value_with_type | Array of values to perform operation. List of values. |
ConstraintValue (Abstract type: pass one of the following concrete types) CidrArrayConstraintValue IntegerArrayConstraintValue StringArrayConstraintValue |
|
| value_constraint | Value Constraint Values to apply the conditional constraint on target. |
ValueConstraintExpression | Required |
ConfigOnboardingConflictRequest (schema)
Config onboarding conflict Request
Config onboarding request to verify conflicts in onboarding configuration
on global manager for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| prefix | Prefix string User provided prefix string to resolve conflicting site entities. |
string | Readonly |
| site_id | Site Id Site Id. |
string | Readonly |
| suffix | Suffix string User provided suffix string to resolve conflicting site entities. |
string |
ConfigOnboardingConflictStatus (schema)
Config onboarding conflict status
Represents config onboarding conflict status on Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | OnboardingFeatureInfo | Readonly | |
| gm_details | GmConfigOnboardingConflictEntityInfo | Readonly | |
| site_id | Site Id Site identifier of the site being onboarded. |
string | Required Readonly |
| status | OnboardingConflictStatus | Required Readonly |
ConfigOnboardingError (schema)
Config Onboarding Error
Represents error details in case of system fail to onboard site
configuration on global manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | Error Code Error code for errors found during onboarding process. |
integer | Readonly |
| error_message | Error message Failure reason during onboarding process. |
string | Readonly |
ConfigOnboardingInProgressStatus (schema)
Config Onboarding in-progress status
Represents config onboarding status including processing phase compared to
of total number of phases to complete config onboarding.
| Name | Description | Type | Notes |
|---|---|---|---|
| current_step | Current Onboarding Step Represent intermidiate phase when onboarding or rollback is in-progress on global manager. |
integer | Readonly |
| feature | OnboardingFeatureInfo | Readonly | |
| stage | OnboardingStage | Readonly | |
| total_steps | Total number of Onboarding Steps Total number of phases involved in onboarding workflow. |
integer | Readonly |
ConfigOnboardingRequest (schema)
Config onboarding Request
Config onboarding request to initiate onboarding workflow on global manager
for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| prefix | Prefix string User provided prefix string to resolve conflicting site entities. |
string | Readonly |
| site_backup_reference | Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process. |
string | Required Readonly |
| site_id | Site Id Site Id. |
string | Readonly |
| suffix | Suffix string User provided suffix string to resolve conflicting site entities. |
string |
ConfigOnboardingStatus (schema)
Config on-boarding status
Represents config onboarding status on Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | ConfigOnboardingStatusDetails | Readonly | |
| site_id | Site Id Site identifier of the site being onboarded. |
string | Required Readonly |
| status | OnboardingStatus | Required Readonly |
|
| supported_features | List of supported features List of supported features on global manager. |
array of OnboardingFeatureInfo | Readonly |
| timestamp | Status Timestamp Onboarding status as of current timestamp. |
EpochMsTimestamp | Required |
| unsupported_features | List of unsupported features List of unsupported features on global manager. |
array of OnboardingFeatureInfo | Readonly |
ConfigOnboardingStatusDetails (schema)
Config on-boarding status details
Represents config on-boarding progress phase details per feature
information with progress metric like completed entity count against total
number of entities.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_messages | array of ConfigOnboardingError | Readonly | |
| import_progress | ConfigOnboardingInProgressStatus | Readonly | |
| revert_progress | ConfigOnboardingInProgressStatus | Readonly | |
| site_backup_reference | Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process. |
string | Readonly |
ConfigState (schema)
Config State
Configuration State. | SANDBOXED_REALIZATION_PENDING - This is applicable to only Global intent in the NSX+ platform. The intent in this state indicates that the Global intent is having a conflict with local intent in the corresponding site and it is sandboxed in an intent logical store. Also the realization is pending until the conflict is resolved. Policy Alarm will be genereated and notified to the NSX+ admin to alert the user to take action to resolve the conflicts.
| Name | Description | Type | Notes |
|---|---|---|---|
| ConfigState | Config State Configuration State. | SANDBOXED_REALIZATION_PENDING - This is applicable to only Global intent in the NSX+ platform. The intent in this state indicates that the Global intent is having a conflict with local intent in the corresponding site and it is sandboxed in an intent logical store. Also the realization is pending until the conflict is resolved. Policy Alarm will be genereated and notified to the NSX+ admin to alert the user to take action to resolve the conflicts. |
string | Enum: SUCCESS, IN_PROGRESS, ERROR, UNKNOWN, UNINITIALIZED, SANDBOXED_REALIZATION_PENDING |
ConfigurationState (schema)
Describes status of configuration of an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
ConfigurationStateElement (schema)
Describes status of configuration of an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | State of configuration on this sub system | string | Required Readonly Enum: in_progress, success, failed, partial_success, in_sync, VM_DEPLOYMENT_FAILED, VM_POWER_ON_FAILED, VM_POWER_OFF_FAILED, VM_UNDEPLOY_FAILED, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, EDGE_CONFIG_ERROR, REGISTRATION_FAILED, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_NETWORK_EDIT_PENDING, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, NOT_AVAILABLE, REGISTRATION_TIMEDOUT, ADVANCED_CONFIG_EDIT_FAILED, VM_RESOURCE_RESERVATION_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, pending, orphaned, unknown, error, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_POWER_ON_IN_PROGRESS, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_SUCCESSFUL, VM_DEPLOYMENT_RESTARTED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_READY, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, ADVANCED_CONFIG_EDIT_PENDING, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_FOR_NON_LCM_EDGE, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_IN_PROGRESS, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
| sub_system_address | URI of backing resource on sub system | string | Readonly |
| sub_system_id | Identifier of backing resource on sub system | string | Readonly |
| sub_system_name | Name of backing resource on sub system | string | Readonly |
| sub_system_type | Type of backing resource on sub system | string | Readonly |
ConflictingEntityListResponse (schema)
List of Features with conflict information
| Name | Description | Type | Notes |
|---|---|---|---|
| example | Conflict example Conflict example |
OnboardingFeatureInfo | Readonly |
| feature_compability_data | array of FeatureCompatibilityInfo | Readonly Maximum items: 100 |
|
| feature_descendants | array of FeatureConflictInfo | Readonly | |
| feature_summary | FeatureSummary | Readonly | |
| infra_descendants | array of FeatureConflictInfo | Readonly |
ConjunctionOperator (schema)
Represents the operators AND or OR
Represents the operators AND or OR.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| conjunction_operator | Conjunction Operator Node | string | Required Enum: OR, AND |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ConjunctionOperator | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ConnectivityAdvancedConfig (schema)
Advanced configuration for Policy connectivity
| Name | Description | Type | Notes |
|---|---|---|---|
| connectivity | Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity. |
string | Enum: ON, OFF Default: "ON" |
ConsolidatedAPIListRequestParameters (schema)
Consolidated effective IP addresses API list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_filter | An IPAddress or subnet for filtering the results. This filter can be used to verify an ip membership in the effective results |
IPElement | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| site_id | UUID of the site from which the effective IP addresses are to be fetched | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ConsolidatedEffectiveIPAddressMemberListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of site wise consolidated effective ip addresses for the given NSGroup | array of EffectiveIPInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ConsolidatedEffectiveIPListRequestParameters (schema)
Consolidated API Realization list request params
List request params for the pass through type api that get data from the
Enforcement point. Enforcement point is mandatory for this request.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point on which the API needs to be executed. Forward slashes must be escaped using %2F. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_filter | An IPAddress or subnet for filtering the results. This filter can be used to verify an ip membership in the effective results |
IPElement | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| site_id | UUID of the site from which the effective IP addresses are to be fetched | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ConsolidatedRealizedStatus (schema)
Consolidated Realized Status for an Intent Object
Consolidated Realized Status of an intent object across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_status | Consolidated Realized Status Consolidated Realized Status across enforcement points. |
ConsolidatedStatus | Readonly |
| consolidated_status_per_enforcement_point | List of Consolidated Realized Status per Enforcement Point List of Consolidated Realized Status per enforcement point. |
array of ConsolidatedStatusPerEnforcementPoint | Readonly |
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F. |
string | Required Readonly |
| intent_version | Intent version for the status Represent highest intent version across all realized objects |
string | Readonly |
| publish_status | Aggregated Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
| publish_time | Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time |
EpochMsTimestamp | Readonly Sortable |
| site_uuid | id of Site Site UUID supplied for realized site. |
string | |
| time_taken_for_realization | Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization. |
integer |
ConsolidatedStatus (schema)
Consolidated Status
Consolidated Status of an intent object. Status Consolidation of an intent happens at
multiple levels:
- Per Enforcement Point: calculation of the consolidated status is performed using all
realized entities that the intent objet maps to on a specific enforcement point.
- Across Enforcement Points: calculation of the consolidated status is performend
aggregating the consolidated status from each enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an intent object. |
ConfigState | Readonly |
ConsolidatedStatusNsxT (schema)
NSX-T Consolidated Status
Detailed Realized Status of an intent object on an NSX-T type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforced_status | Enforced Realized Status Detailed Realized Status inherent to an NSX-T Enforcement Point. |
EnforcedStatusDetailsNsxT | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | Must be set to the value ConsolidatedStatusNsxT | string | Required |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
ConsolidatedStatusPerEnforcementPoint (schema)
Consolidated Realized Status Per Enforcement Point
Consolidated Realized Status Per Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | Must be set to the value ConsolidatedStatusPerEnforcementPoint | string | Required |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
ConstantFieldValue (schema)
Constant Field Value
Constant Field Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| constant | Constant Value Constant Value that the field must be set to. |
object | |
| resource_type | Must be set to the value ConstantFieldValue | string | Required Enum: ConstantFieldValue |
Constraint (schema)
Constraint definition.
Constraint object to constraint any attribute on a resource based on
specified expression.
Example- Restrict the allowed services in Edge Communication Entry to list of
services, if the destinationGroups contain vCenter.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
"constraint_expression":{
"related_attribute":{
"attribute":"destinationGroups"
}
"condition":{
"operator":"INCLUDES",
"rhs_value":{"vCenter"}
"value_constraint":{
"operator":"ALLOW",
"values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...}
}
}
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| constraint_expression | Expression to constrain the target attribute value. This property is deprecated. Please use the "constraint_expressions" property instead to specify one or more constraint expressions. If this property is populated, then the "constraint_expressions" value is ignored. |
ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression |
Deprecated |
| constraint_expressions | Expressions to constrain the target attribute value. | array of ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| message | User friendly message to be shown to users upon violation. | string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Constraint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target | Target resource attribute details. This property is deprecated. Please use the "targets" property instead to specify one or more targets. If this property is populated, then the "targets" value is ignored. |
ConstraintTarget | Deprecated |
| target_owner_type | Constraint target's owner type | string | Enum: GM, LM, ALL |
| targets | Collection of target resources attribute details. | array of ConstraintTarget | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ConstraintExpression (schema)
Base class for constraint expression
All the types of the expression extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
EntityInstanceCountConstraintExpression
FieldSanityConstraintExpression
RelatedAttributeConditionalExpression
ValueConstraintExpression
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value ConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ConstraintGlobalConfig (schema)
Global Constraint configuration
Global Constraint configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| include_system_resources | Include policy resources that are created by system in EntityInstanceCountConstraintExpression constraint If true, resources that are created by the system (i.e create_user set to SYSTEM_USER) will be included as part of counting the created entity instances while evaulating the EntityInstanceCountConstraintExpression type constraint. By default, these resources are not included as part of evaluating the count expression |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ConstraintGlobalConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ConstraintListResult (schema)
Paged Collection of Constraints
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Constraint list results | array of Constraint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ConstraintTarget (schema)
Resource attribute on which constraint should be applied.
Resource attribute on which constraint should be applied.
Example - sourceGroups attribute of Edge CommunicationEntry to be
restricted, is given as:
{
"target_resource_type":"CommunicationEntry",
"attribute":"sourceGroups",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute | Attribute name of the target entity. | string | |
| path_prefix | Path prefix of the entity to apply constraint.
Path prefix of the entity to apply constraint. It should be a valid string prefix for policy path. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. For multi-tenancy path-prefixes (i.e. path starting with /orgs) following values are supported: 1. When constraint is created under '/infra/constraints/' OR under '/orgs/ value is supported. 2. When constraint is created under custom project i.e. '/orgs/ then '/orgs/ |
string | |
| target_resource_type | Resource type of the target entity. This is required in case the
constraint expressions do not specify target resource type.
Target resource type accepts input as DTO Type and or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type as SecurityPolicy.Rule. |
string |
ConstraintValue (schema)
Base class for each value configuration
All the types of value extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
ContainerApplicationInstanceGroupAssociationRequestParams (schema)
List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path
List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| pod_id | ContainerApplicationInstance | string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ContainerConfiguration (schema)
Container that holds widgets
Represents a container to group widgets that belong to a common category or have a common purpose.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| header | Header | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| labels | Labels Labels for the container. |
array of Label | Minimum items: 0 |
| layout | Layout of widgets inside container Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. This property is deprecated. Now the layout inside the container can be taken care with the help of 'rowspan' and 'colspan' property. |
Layout | Deprecated |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value ContainerConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
| widgets | Widgets held by the container If not specified, creates an empty container. |
array of WidgetItem | Minimum items: 0 |
ContainerListRequestParameters (schema)
Realization list request params
List request params for the pass through type api that get data from the Antrea Cluster.
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | Cluster ID ID of the cluster to query |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ContentFilterValue (schema)
Support bundle content filter allowed values
| Name | Description | Type | Notes |
|---|---|---|---|
| ContentFilterValue | Support bundle content filter allowed values | string | Enum: ALL, DEFAULT, REMOVE_CORE_FILES, EAL4_AUDIT |
ContextProfileAttributesMetadata (schema)
Key value structure for holding metadata of context profile attributes
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key for metadata | string | Required |
| value | Value for metadata key | string | Required |
ContinueRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component to upgrade. Hints NSX to upgrade a specific component. |
string | |
| skip | Skip to upgrade of next component. | boolean | Default: "False" |
CookiePersistenceModeType (schema) (Deprecated)
cookie persistence mode
If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.
| Name | Description | Type | Notes |
|---|---|---|---|
| CookiePersistenceModeType | cookie persistence mode If the persistence cookie is found in the incoming request, value of the cookie is used to identify the server that this request should be sent to. If the cookie is not found, then the server selection algorithm is used to select a new server to handle that request. Three different modes of cookie persistence are supported: insert, prefix and rewrite. In cookie insert mode, a cookie is inserted by load balancer in the HTTP response going from server to client. In cookie prefix and rewrite modes, server controls the cookie and load balancer only manipulates the value of the cookie. In prefix mode, server's cookie value is prepended with the server IP and port and then sent to the client. In rewrite mode, entire server's cookie value is replaced with the server IP and port in the response before sending it to the client. |
string | Deprecated Enum: INSERT, PREFIX, REWRITE |
CopyFromRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file | Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol |
Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CopyRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CopyToRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file Only scp and sftp may be used. |
Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol |
Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CoreDumpConfig (schema)
Node core dump config
Node core dump config
| Name | Description | Type | Notes |
|---|---|---|---|
| global_file_limit | Core dump file persistence config global limit | integer | Minimum: 0 Default: "2" |
| global_frequency_threshold | Core dump files frequency threshold config in seconds, set 0 to disable | integer | Minimum: 0 Default: "600" |
| process_config | Core dump config per process limit | array of CoreDumpProcessConfig |
CoreDumpProcessConfig (schema)
Core dump process config
| Name | Description | Type | Notes |
|---|---|---|---|
| limit | Core dump process limit | integer | Required |
| process_name | Core dump process name | string | Required |
CpuUsage (schema)
CPU usage of DPDK and non-DPDK cores
| Name | Description | Type | Notes |
|---|---|---|---|
| avg_cpu_core_usage_dpdk | Average utilization of all DPDK cores Indicates the average usage of all DPDK cores in percentage. |
number | Readonly |
| avg_cpu_core_usage_non_dpdk | Average usage of all non-DPDK cores Indicates the average usage of all non-DPDK cores in percentage. |
number | Readonly |
| highest_cpu_core_usage_dpdk | Highest CPU utilization value among DPDK cores Indicates the highest CPU utilization value among DPDK cores in percentage. |
number | Readonly |
| highest_cpu_core_usage_non_dpdk | Highest CPU utilization value among non-DPDK cores Indicates the highest cpu utilization value among non_dpdk cores in percentage. |
number | Readonly |
CreateRemoteDirectoryProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file | SftpProtocol | Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
Criterion (schema)
Event Criterion
Event Criterion is the logical evaluations by which the event may
be deemed fulfilled. All the evaluations must be met in order for
the criterion to be met (implicit AND).
| Name | Description | Type | Notes |
|---|---|---|---|
| evaluations | Criterion Evaluations Criterion Evaluations. |
array of Evaluation (Abstract type: pass one of the following concrete types) SourceFieldEvaluation |
Required Minimum items: 1 |
Crl (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | Details of the X509Crl object. | X509Crl | Readonly |
| details_revoked_by_issuer_and_serial_number | Certificates revoked by issuer and serial number | array of IssuerSerialNumber | Readonly |
| details_revoked_by_subject_and_public_key_hash | Certificates revoked by subject and public key hash | array of SubjectPublicKeyHash | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| one_crl | JSON-encoded OneCRL-like object | string | |
| pem_encoded | PEM encoded CRL data. | string | |
| resource_type | Must be set to the value Crl | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlDistributionPoint (schema)
Reference to a CRL Distribution Point where to fetch a CRL
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| cdp_uri | CDP URI CRL Distribution Point URI where to fetch the CRL. |
string | Required Readonly Maximum length: 255 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| issuer | Issuer Issuer of the CRL, referring to the CA. |
string | Required Readonly Maximum length: 255 |
| resource_type | Must be set to the value CrlDistributionPoint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlDistributionPointList (schema)
CrlDistributionPoint query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CrlDistributionPoint list. | array of CrlDistributionPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CrlDistributionPointStatus (schema)
Reference to a CRL Distribution Point where to fetch a CRL
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Error Message Error message when fetching the CRL failed. |
string | Readonly |
| status | Status Status of the fetched CRL for this CrlDistributionPoint |
CdpStatusType | Required Readonly |
CrlList (schema)
Crl queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CRL list. | array of Crl | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CrlObjectData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| one_crl | JSON-encoded OneCRL-like object | string | |
| pem_encoded | PEM encoded CRL data. | string | |
| resource_type | Must be set to the value CrlObjectData | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlPemRequestType (schema)
Request Type to get a CRL's PEM file.
| Name | Description | Type | Notes |
|---|---|---|---|
| cdp_uri | CDP URI CRL Distribution Point URI where to fetch the CRL. |
string | Required Readonly Maximum length: 255 |
CrossSiteFlowInfo (schema)
Information about config flow in federation
Represents details of the config flow between sites.
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)
| Name | Description | Type | Notes |
|---|---|---|---|
| from_site_id | Site id of the source | string | |
| from_site_path | Source site policy path | string | |
| full_sync_info | Full sync information for the flow | FullSyncInfo | |
| latency_measured_ts | Timestamp of latency measurement | integer | |
| latency_millis | Latency from source to destination site in milli seconds | integer | |
| leader_node_id | Local leader node id sharded for this remote site. | string | |
| status | Overall status of the flow | string | Enum: GOOD, DISCONNECTED, RECOVERY, ERROR, UNKNOWN, NOT_READY |
| to_site_id | Site id of the destination | string | |
| to_site_path | Destination site policy path | string |
CryptoAlgorithm (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| key_size | Supported key sizes for the algorithm. | array of KeySize | Required Readonly |
| name | Crypto algorithm name. | string | Required Readonly |
CryptoEnforcement (schema)
Action for crypto enforcement
If enforced and if TLS protocol Client/Server Hello has none of the
permitted TLS versions or ciphers then the connection is immediately terminated.
| Name | Description | Type | Notes |
|---|---|---|---|
| CryptoEnforcement | Action for crypto enforcement If enforced and if TLS protocol Client/Server Hello has none of the permitted TLS versions or ciphers then the connection is immediately terminated. |
string | Readonly Enum: ENFORCE, TRANSPARENT |
CspConfig (schema)
CSP authentication configuration
Extra OIDC configuration relevant only for CSP endpoints.
| Name | Description | Type | Notes |
|---|---|---|---|
| additional_org_ids | Additional orginzation IDs A list of organization IDs. CSP tokens must be associated with one of these organizations, or the customer_org_id, in order to be considered valid. |
array of string | |
| customer_org_id | Customer organization ID | string |
Csr (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value Csr | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsrExt (schema)
Extended certificate signing request body
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| extensions | X509 extensions to add X509 v3 extensions to be added to a CSR. |
CsrExtensions | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value CsrExt | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsrExtensions (schema)
Collection of various x509 v3 extensions to be added to a CSR
| Name | Description | Type | Notes |
|---|---|---|---|
| subject_alt_names | Subject alternative names Subject alternative names of the CSR |
SubjectAltNames | Readonly |
CsrList (schema)
Csr queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CSR list. | array of Csr | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CsrWithDaysValid (schema)
CSR data with days valid
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| days_valid | Number of days the certificate will be valid, default 825 days | integer | Minimum: 1 Maximum: 10000 Default: "825" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value CsrWithDaysValid | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsvListResult (schema)
Base type for CSV result.
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string |
CsvRecord (schema)
Base type for CSV records.
| Name | Description | Type | Notes |
|---|---|---|---|
| CsvRecord | Base type for CSV records. | object |
CurrentBackupOperationStatus (schema)
Current backup operation status
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_id | Unique identifier of current backup | string | |
| current_step | Current step of operation | string | Enum: BACKUP_CREATING_CLUSTER_BACKUP, BACKUP_CREATING_NODE_BACKUP |
| current_step_message | Additional human-readable status information about current step | string | |
| end_time | Time when operation is expected to end | EpochMsTimestamp | |
| operation_type | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. | string | Enum: NONE, BACKUP |
| start_time | Time when operation was started | EpochMsTimestamp |
CustomAttributeAction (schema)
Request Parameters for Custom Context Profile Attributes
Request Parameter which specify action to either add or remove the custom values.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Add or Remove Custom Context Profile Attribute values. Action parameter determines whether to add or remove Custom Context Profile Attribute values. |
string | Required Enum: add, remove |
CustomFilterWidgetConfiguration (schema)
Custom Filter widget Configuration
Represents configuration for custom filter widget. For this widget the data source is not applicable. It defines ui identifer for filter UI component and render it on dashboard view. This configuration can only be used for system owned widgets.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value CustomFilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ui_component_identifier | UI identifier for filter component to be rendered inside view/container User defined filter component selector to be rendered inside view/container. |
string | Required |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
CustomWidgetConfiguration (schema)
Custom widget Configuration
Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value CustomWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ui_component_identifier | UI identifier for component to be rendered inside view/container User defined component selector to be rendered inside view/container. |
string | |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
CvxConnectionInfo (schema)
CVX Connection Info
Credential info to connect to a CVX type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| password | Password Password. |
secure_string | Required |
| resource_type | Must be set to the value CvxConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| username | Username Username. |
secure_string | Required |
DADMode (schema)
DAD Mode
Duplicate address detection modes.
| Name | Description | Type | Notes |
|---|---|---|---|
| DADMode | DAD Mode Duplicate address detection modes. |
string | Enum: LOOSE, STRICT |
DADStatus (schema)
DAD Status
Duplicate address detection status for IP address on port.
| Name | Description | Type | Notes |
|---|---|---|---|
| DADStatus | DAD Status Duplicate address detection status for IP address on port. |
string | Enum: DUPLICATED, TENTATIVE, ASSIGNED, NOT_APPLICABLE, UNKNOWN |
DNSForwarderStatisticsPerEnforcementPoint (schema)
DNS forwarder statistics per enforcement point
DNS forwarder statistics per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatistics
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the statistics are fetched. |
string | Readonly |
| resource_type | string | Required Enum: NsxTDNSForwarderStatistics |
DNSForwarderStatusPerEnforcementPoint (schema)
DNS forwarder status per enforcement point
DNS forwarder status per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the status is fetched. |
string | Readonly |
| resource_type | string | Required Enum: NsxTDNSForwarderStatus |
DataCounter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped | The dropped packets or bytes | integer | |
| multicast_broadcast | The multicast and broadcast packets or bytes | integer | |
| total | The total packets or bytes | integer | Required |
DataSourceParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
DataSourceType (schema)
Data source type.
| Name | Description | Type | Notes |
|---|---|---|---|
| DataSourceType | Data source type. | string | Enum: realtime, cached |
Datasource (schema)
Datasource Instance
An instance of a datasource configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Datasource instance's display name Name of a datasource instance. |
string | Required Maximum length: 255 |
| keystore_info | Key Store Info Key Store information for all the url aliases defined in datasource. Use this property if key store information is same for each url aliases in the datasource. |
KeyStoreInfo | |
| urls | Array of relative urls and their aliases Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance. |
array of UrlAlias | Required |
DatetimeUTC (schema)
Datetime string in UTC
Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'
| Name | Description | Type | Notes |
|---|---|---|---|
| DatetimeUTC | Datetime string in UTC Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ' |
string |
DecryptionFailAction (schema)
TLS handshake fail action
Action to take when TLS handshake fails.
| Name | Description | Type | Notes |
|---|---|---|---|
| DecryptionFailAction | TLS handshake fail action Action to take when TLS handshake fails. |
string | Readonly Enum: BLOCK, BYPASS |
DedicatedResources (schema)
Dedicated Resources to Project for Logging
To assign dedicated resources from default project to custom project for logging.
Resources dedicated to this project for logging cannot be dedicated to other projects.
| Name | Description | Type | Notes |
|---|---|---|---|
| tier_0s | Array of Tier0s paths or label path dedicated to this Project for logging. Logs for Tier0s mentioned will have this project's context. Tier0s or labels mentioned under dedicated_resources should also be part of tier_0s under project payload. Label should have reference of Tier0 path. |
array of string |
DefaultFilterValue (schema)
Default filter values
An instance of a datasource configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| alias | Filter alias Filter alias. |
string | Required |
| value | Filter default value Filter default value. |
string | Required |
DeleteRequestParameters (schema)
Parameters that affect how delete operations are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
DependentServices (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dependent_services | List of firewall dependent services List of firewall dependent services. |
array of string |
DeploymentZone (schema) (Deprecated)
Deployment zone
Logical grouping of enforcement points.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use Site.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_points | Logical grouping of enforcement points | array of EnforcementPoint | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DeploymentZone | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DfwDropCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| rx_dropped | Number of received packets dropped by firewall. The number of received packets dropped by distributed firewall rules due to rule actions. |
integer | |
| tx_dropped | Number of sent packets dropped by firewall. The number of sent packets dropped by distributed firewall rules due to rule actions. |
integer |
DfwFirewallConfiguration (schema)
DFW Firewall related configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyExcludeList |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disable_auto_drafts | Auto draft deactivate flag To deactivate auto drafts, set it to true. By default, auto drafts are enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Firewall enable flag If set to true, Firewall is enabled. |
boolean | Default: "True" |
| global_addrset_mode_enabled | A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| idfw_enabled | Identity firewall enable flag If set to true, identity firewall is enabled. |
boolean | Default: "False" |
| idfw_event_log_scraper_enabled | Enable event log scraping Enables event log scraping for Identity firewall. |
boolean | Default: "False" |
| idfw_loginsight_enabled | Enable Loginsight server for Identity Firewall If set to true, collection of login/logout events from Loginsight server is enabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DfwFirewallConfiguration | string | Required Enum: DfwFirewallConfiguration |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhGroup (schema)
Diffie-Hellman groups
Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1048-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit Random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit Random ECP group.
GROUP21 uses 521-bit Random ECP group.
| Name | Description | Type | Notes |
|---|---|---|---|
| DhGroup | Diffie-Hellman groups Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. |
string | Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21 |
DhcpConfig (schema)
DHCP configuration
DHCP config.
This dhcp configuration can be overriden per subnet.
| Name | Description | Type | Notes |
|---|---|---|---|
| dhcp_relay_config_path | DHCP relay config path Policy path of DHCP-relay-config. If configured then all the subnets will be configured with the DHCP relay server. If not specified, then the local DHCP server will be configured for all connected subnets. |
string | |
| dns_client_config | Dns client configuration Dns configuration |
DnsClientConfig | |
| enable_dhcp | Activate or Deactivate DHCP If activated, the DHCP server will be configured based on IP address type. If deactivated then neither DHCP server nor relay shall be configured. |
boolean |
DhcpDeleteLeaseRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | IPAddress | Required | |
| mac | MACAddress | Required |
DhcpDeleteLeases (schema)
List of DHCP leases to be deleted
| Name | Description | Type | Notes |
|---|---|---|---|
| leases | List of DHCP leases | array of DhcpDeleteLeaseRequestParameters | Required Minimum items: 1 Maximum items: 100 |
DhcpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| op_code | Message op code / message type This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY. |
string | Enum: BOOTREQUEST, BOOTREPLY Default: "BOOTREQUEST" |
DhcpIpPoolUsage (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| allocated_number | allocated number. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
| allocated_percentage | allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
| dhcp_ip_pool_id | uuid of dhcp ip pool | string | Required |
| pool_size | pool size | integer | Required |
DhcpLeasePerIP (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| expire_time | expire time of the lease | string | |
| ip_address | ip address of client | string | Required |
| lease_time | lease time of the ip address, in seconds | string | |
| mac_address | mac address of client | string | Required |
| start_time | start time of lease | string | Required |
| subnet | subnet of client network | string |
DhcpLeases (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| dhcp_server_id | dhcp server uuid | string | |
| leases | The lease info list of the server | array of DhcpLeasePerIP | Minimum items: 0 Maximum items: 65535 |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| timestamp | timestamp of the lease info | EpochMsTimestamp |
DhcpLeasesResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| connectivity_path | Policy path to Segment, Tier0 or Tier1 gateway Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached. |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| dhcp_server_id | dhcp server uuid | string | |
| leases | The lease info list of the server | array of DhcpLeasePerIP | Minimum items: 0 Maximum items: 65535 |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| timestamp | timestamp of the lease info | EpochMsTimestamp |
DhcpOption121 (schema) (Deprecated)
DHCP option 121
DHCP option 121 to define classless static route.
| Name | Description | Type | Notes |
|---|---|---|---|
| static_routes | DHCP classless static routes Classless static route of DHCP option 121. |
array of ClasslessStaticRoute | Required Minimum items: 1 Maximum items: 27 |
DhcpRelayConfig (schema)
DHCP relay configuration
DHCP relay configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-relay-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpRelayConfig | string | |
| server_addresses | DHCP relay addresses DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported. |
array of IPAddress | Required Maximum items: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpRelayConfigListResult (schema)
Paged collection of DhcpRelayConfigs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DhcpRelayConfig results | array of DhcpRelayConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpServerConfig (schema)
DHCP server configuration
DHCP server configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-server-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_cluster_path | Edge cluster path or label of type PolicyEdgeCluster The reference to the edge cluster using the policy path of the edge cluster or label of type PolicyEdgeCluster. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses. |
string | |
| enable_standby_relocation | Stand-By Relocation If no "preferred-edge-paths" were defined, and the "enable-standby-relocation"=true, once a new edge-node was added to the edge-cluster, the stand-by node of the DHCP could possibly be moved to another edge-node. But there is no guarantee that the stand-by will be moved. Please note, if the dhcp-server-config was applied to a gateway, and this gateway has defined its own edge-cluster and preferred edge-nodes, then the edge-cluster and nodes defined in dhcp-server-config will be ignored. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| lease_time | IP address lease time in seconds IP address lease time in seconds. |
integer | Deprecated Minimum: 60 Maximum: 4294967295 Default: "86400" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_edge_paths | Edge node path Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server. |
array of string | Maximum items: 2 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpServerConfig | string | |
| server_address | DHCP server address in CIDR format DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values. |
string | Deprecated Format: ip-cidr-block |
| server_addresses | DHCP server address in CIDR format DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment. |
array of string | Maximum items: 2 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpServerConfigListResult (schema)
Paged collection of DhcpServerConfigs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DhcpServerConfig results | array of DhcpServerConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpServerLeaseRequestParameters (schema)
DHCP server lease request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP or MAC address IP address, IP range or MAC address to retrieve specific lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call. |
string | |
| connectivity_path | String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration. |
string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| segment_path | Segment path to retrieve lease information Segment path to retrieve lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call. |
string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source The data source, either realtime or cached. If not provided, cached data is returned. |
DataSourceType |
DhcpServerRequestParameters (schema)
DHCP server list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| connectivity_path | String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration. |
string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DhcpServerState (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
DhcpServerStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acks | The total number of DHCP ACK packets | integer | Required |
| declines | The total number of DHCP DECLINE packets | integer | Required |
| dhcp_server_id | dhcp server uuid | string | Required |
| discovers | The total number of DHCP DISCOVER packets | integer | Required |
| errors | The total number of DHCP errors | integer | Required |
| informs | The total number of DHCP INFORM packets | integer | Required |
| ip_pool_stats | The DHCP ip pool usage statistics | array of DhcpIpPoolUsage | |
| nacks | The total number of DHCP NACK packets | integer | Required |
| offers | The total number of DHCP OFFER packets | integer | Required |
| releases | The total number of DHCP RELEASE packets | integer | Required |
| requests | The total number of DHCP REQUEST packets | integer | Required |
| timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
DhcpServerStatus (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_node | uuid of active transport node | string | Required |
| error_message | Error message, if available | string | |
| service_status | UP means the dhcp service is working fine on both active transport-node
and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down. |
string | Required Enum: UP, DOWN, ERROR, NO_STANDBY |
| stand_by_node | uuid of stand_by transport node. null if non-HA mode | string |
DhcpStaticBindingConfig (schema)
Base class for DHCP options
DHCP IPv4 and IPv6 static bindings are extended from this abstract class.
This is an abstract type. Concrete child types:
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpStaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpStaticBindingConfigListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of DhcpStaticBindingConfig | array of DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig |
Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpStaticBindingState (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
DhcpStatistics (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| acks | The total number of DHCP ACK packets | integer | Required |
| declines | The total number of DHCP DECLINE packets | integer | Required |
| dhcp_server_id | dhcp server uuid | string | Required |
| discovers | The total number of DHCP DISCOVER packets | integer | Required |
| errors | The total number of DHCP errors | integer | Required |
| informs | The total number of DHCP INFORM packets | integer | Required |
| ip_pool_stats | The DHCP ip pool usage statistics | array of DhcpIpPoolUsage | |
| nacks | The total number of DHCP NACK packets | integer | Required |
| offers | The total number of DHCP OFFER packets | integer | Required |
| releases | The total number of DHCP RELEASE packets | integer | Required |
| requests | The total number of DHCP REQUEST packets | integer | Required |
| timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
DhcpV4Options (schema)
DHCP options for IPv4 address family
DHCP options for IPv4 server.
| Name | Description | Type | Notes |
|---|---|---|---|
| option121 | DHCP option 121 DHCP option 121 to define classless static routes. |
DhcpOption121 | |
| others | Other DHCP options To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. -------------------------- Code Name -------------------------- 2 Time Offset 6 Domain Name Server 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time |
array of GenericDhcpOption | Minimum items: 0 Maximum items: 255 |
DhcpV4StaticBindingConfig (schema)
DHCP static binding
DHCP IPv4 static bindings are configured for each segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| gateway_address | Gateway IP address When not specified, gateway address is auto-assigned from segment configuration. |
IPv4Address | |
| host_name | Host name Hostname to assign to the host. |
string | Maximum length: 63 |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | IP assigned to host IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment. |
IPv4Address | Required |
| lease_time | Lease time DHCP lease time in seconds. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| mac_address | MAC address of host MAC address of the host. |
MACAddress | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| options | DHCP options IPv4 DHCP options. |
DhcpV4Options | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpV4StaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpV6StaticBindingConfig (schema)
DHCP static binding
DHCP IPv6 static bindings are configured for each segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_nameservers | DNS nameservers to be set to client host When not specified, no DNS nameserver will be set to client host. |
array of string | Minimum items: 0 Maximum items: 2 |
| domain_names | Domain names to be assigned to client host When not specified, no domain name will be assigned to client host. |
array of string | |
| id | Unique identifier of this resource | string | Sortable |
| ip_addresses | IP addresses to be assigned to client host When not specified, no ip address will be assigned to client host. |
array of IPv6Address | Minimum items: 0 Maximum items: 1 |
| lease_time | Lease time Lease time, in seconds. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| mac_address | MAC address The MAC address of the client host. Either client-duid or mac-address, but not both. |
MACAddress | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_time | Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. |
integer | Minimum: 48 Maximum: 4294967295 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpV6StaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| sntp_servers | SNTP server ips SNTP server IP addresses. |
array of IPv6Address | Minimum items: 0 Maximum items: 2 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Dhcpv6Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| msg_type | DHCP message type This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters. |
string | Enum: SOLICIT, ADVERTISE, REQUEST, REPLY Default: "SOLICIT" |
DirectoryDomainSyncSettings (schema)
Domain synchronization settings
| Name | Description | Type | Notes |
|---|---|---|---|
| delta_sync_interval | Delta synchronization inverval in minutes Directory domain delta synchronization interval time between two delta sync in minutes. |
integer | Minimum: 5 Maximum: 720 Default: "180" |
| full_sync_cron_expr | Full synchronization cron expression Directory domain full synchronization schedule using cron expression. For example, cron expression "0 0 12 ? * SUN *" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync. |
string | |
| sync_delay_in_sec | Sync delay (in second). Sync delay after Directory domain has been successfully created. if delay is -1, initial full sync will not be triggered. |
int | Minimum: -1 Maximum: 600 Default: "30" |
DirectoryEventLogServerStatus (schema)
Event log server connection status
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Additional optional detail error message | string | Readonly |
| last_event_record_id | Last event record ID Last event record ID is an opaque integer value that shows the last successfully received event from event log server. |
integer | Readonly |
| last_event_time_created | Time when last event record ID was received Time of last successfully received and record event from event log server. |
EpochMsTimestamp | Readonly |
| last_polling_time | Last polling time | EpochMsTimestamp | Readonly |
| status | Current connection status of event log server Connection status: OK: All OK ERROR: Generic error |
string | Required Readonly Enum: OK, ERROR |
DiscoveredResource (schema)
Base class for resources that are discovered and automatically updated
| Name | Description | Type | Notes |
|---|---|---|---|
| _last_sync_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| resource_type | The type of this resource. | string | Required |
| scope | List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC. |
array of DiscoveredResourceScope | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DiscoveredResourceScope (schema)
Scope of discovered resource
| Name | Description | Type | Notes |
|---|---|---|---|
| scope_id | Scope Id of scope for discovered resource Specifies the scope id of discovered resource. |
string | |
| scope_type | Type of scope Type of the scope for the discovered resource. |
string | Enum: CONTAINER_CLUSTER, VPC |
DiscoveryProfileBindingMap (schema)
Base Discovery Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DiscoveryProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DiskProvisioning (schema)
Disk provisioning type
Disk provisioning type for deploying VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| DiskProvisioning | Disk provisioning type Disk provisioning type for deploying VM. |
string | Required Enum: THIN, LAZY_ZEROED_THICK, EAGER_ZEROED_THICK |
DistributedFloodProtectionProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_rst_spoofing | Flag to indicate rst spoofing is enabled If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles. |
boolean | Default: "False" |
| enable_syncache | Flag to indicate syncache is enabled If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles. |
boolean | Default: "False" |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DistributedFloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsClientConfig (schema)
Dns configuration
Dns config
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_server_ips | IPs of the DNS servers which need to be configured on the workload VMs
|
array of string |
DnsHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| address | Domain name/IP to query/response This is used to define what is being asked or responded. |
string | Format: hostname-or-ip |
| address_type | This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA | string | Enum: V4, V6 Default: "V4" |
| message_type | Specifies the message type whether it is a query or a response. | string | Enum: QUERY, RESPONSE Default: "QUERY" |
DnsNameString (schema)
An IA5String instance for DNS Name
DNS name string in the "preferred name syntax", as specified by
Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsNameString | An IA5String instance for DNS Name DNS name string in the "preferred name syntax", as specified by Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123]. |
string | Maximum length: 200 Format: hostname |
DnsSecurityProfile (schema)
DNS security profile
Used to configure DNS security profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DnsSecurityProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ttl | Time to live for DNS cache entry Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000. |
integer | Minimum: 0 Maximum: 864000 Default: "86400" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsSecurityProfileBindingMap (schema)
Binding Map for DNS Security Profile
This entity will be used to establish association between DNS security profile and
Group. With this entity, user can specify intent for applying DNS security profile
profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DnsSecurityProfileBindingMap | string | |
| sequence_number | Sequence number DNS Security Profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. |
integer | Minimum: 1 Maximum: 100000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsSecurityProfileBindingMapListRequestParameters (schema)
DNS Security Profile Binding Map List Request Parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DnsSecurityProfileBindingMapListResult (schema)
Paged collection of DNS Security Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DNS Security Profile Binding Map List Results | array of DnsSecurityProfileBindingMap | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DnsSecurityProfileListResult (schema)
Paged Collection of DnsSecurityProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DnsSecurityProfile list results | array of DnsSecurityProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Domain (schema)
Domain
Domain.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDomainDeploymentMap ChildForwardingPolicy ChildGatewayPolicy ChildGroup ChildSecurityPolicy |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Domain | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DomainDeploymentMap (schema)
Domain Deployment Map
Binding of domain to the enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point_path | Absolute path of enforcement point Path of enforcement point on which domain shall be enforced. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DomainDeploymentMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DomainDeploymentMapListRequestParameters (schema)
Domain Deployment Map List Request Parameters
Domain Deployment Map list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DomainDeploymentMapListResult (schema)
Paged Collection of Domain Deployment Map
Paged collection of Domain Deployment Map.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Domain Deployment Map List Result Domain Deployment Map list result. |
array of DomainDeploymentMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DomainListRequestParameters (schema)
Domain list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DomainListResult (schema)
Paged Collection of Domains
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Domain list results | array of Domain | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DonutConfiguration (schema)
Donut Configuration
Represents configuration of a Donut
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| count | Expression to retrieve count to be shown on Donut Expression to retrieve count to be shown on Donut. |
string | |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_count | Show or hide the count of entities If true, displays the count of entities in the donut |
boolean | Default: "True" |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| label | Label of the Donut Configuration Displayed at the middle of the donut, by default. It labels the entities of donut. |
Label | |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value DonutConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| sections | Sections | array of DonutSection | Required Minimum items: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
DonutPart (schema)
Portion of a donut or stats chart
Represents an entity or portion to be plotted on a donut or stats chart.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | |
| field | Value of the portion or entity of donut or stats chart A numerical value that represents the portion or entity of the donut or stats chart. |
string | Required Maximum length: 1024 |
| hide_empty_legend | Hide the legend if the data for the part is not available If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration. |
boolean | Default: "False" |
| label | Label of the portion or entity of donut or stats chart If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template. |
Label | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. |
string | |
| render_configuration | Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any. |
array of RenderConfiguration | Minimum items: 0 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the portion. |
array of Tooltip | Minimum items: 0 |
DonutSection (schema)
Section of a donut or stats chart
Represents high level logical grouping of portions or segments of a donut / stats chart.
| Name | Description | Type | Notes |
|---|---|---|---|
| parts | Parts of a donut / stats chart Array of portions or parts of the donut or stats chart. |
array of DonutPart | Required Minimum items: 1 |
| row_list_field | Field from which parts of the donut or stats chart are formed Field of the root of the api result set for forming parts. |
string | Maximum length: 1024 |
| template | Template, if any, for automatically forming the donut or stats parts If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'. |
boolean | Default: "False" |
DpuStatusProperties (schema)
Data processing unit status properties
| Name | Description | Type | Notes |
|---|---|---|---|
| cpu_cores | CPU core count The number of CPU cores on the system. |
integer | Readonly |
| dpu_id | Data processing unit ID | string | Readonly |
| load_average | System load average One, five, and fifteen minute load averages for the system. |
array of number | Readonly |
| mem_cache | Cached RAM size in kilobytes Amount of RAM on the system that can be flushed out to disk, in kilobytes. |
integer | Readonly |
| mem_total | Total RAM size in kilobytes System Amount of RAM allocated to the system, in kilobytes. |
integer | Readonly |
| mem_used | Used RAM size in kilobytes Amount of RAM in use on the system, in kilobytes. |
integer | Readonly |
DropdownFilterPlotConfiguration (schema)
Dropdown Filtert plotting configuration
Dropdown Filter plotting configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_maximize | Allow maximize capability for this widget Allow maximize capability for this widget |
boolean | |
| allow_search | Allow search on drop down filter Allow search on drop down filter. |
boolean | Default: "False" |
| condition | Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration. |
string | Maximum length: 1024 |
DropdownFilterWidgetConfiguration (schema)
Dropdown Filter widget Configuration
Represents configuration for dropdown filter widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| default_value | Expression to specify default value Expression to specify default value of filter. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| dropdown_filter_plot_config | Dropdown filter plotting configuration Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only. |
DropdownFilterPlotConfiguration | |
| dropdown_item | Definition for item of a dropdown Defines the item of a dropdown. |
DropdownItem | |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| placeholder_msg | Placeholder message to be shown in filter Placeholder message to be displayed in dropdown filter. |
string | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value DropdownFilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| static_filter_condition | Expression for evaluating condition If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally. |
string | |
| static_filters | Additional static items to be added in dropdown filter Additional static items to be added in dropdown filter. Example can be 'ALL'. |
array of StaticFilter | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
DropdownItem (schema)
Dropdown item definition
| Name | Description | Type | Notes |
|---|---|---|---|
| additional_value | An additional value for item to be display in dropdown. An additional key-value pair for item to be display in dropdown. |
object | |
| display_name | Display name for item to be displayed in dropdown expression to extract display name to be shown in the drop down. |
string | Maximum length: 1024 |
| field | Expression for dropdown items of filter An expression that represents the items of the dropdown filter. |
string | Required |
| short_display_name | A property value to be shown once value is selected for a filter. Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used. |
string | Maximum length: 1024 |
| value | Value for item to be displayed in dropdown Value of filter inside dropdown filter. |
string | Required |
DscpBit (schema)
Dscp bit config
To define the Dscp bit in Global In-band network telemetry configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| dscp_bit | DSCP bit for indicating the existence of INT header. A DSCP bit is allocated to indicate the existence of INT header. It takes effect only when the INT indicator mode is DSCP_BIT. The user should guarantee that the given DSCP bit is specifically allocated for INT. |
int | Required Minimum: 0 Maximum: 5 |
| indicator_type | Must be set to the value DscpBit | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DscpIndicator (schema)
Abstract base type for Global In-band network telemetry configuration
The DscpIndicator is the base class for global In-band network telemetry
configurations for different types in a NSX domain.
This is an abstract type. Concrete child types:
DscpBit
DscpValue
| Name | Description | Type | Notes |
|---|---|---|---|
| indicator_type | The method for indicating the existence of INT header. | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DscpTrustMode (schema)
Trust settings
When you select the Trusted mode the inner header DSCP value is applied
to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic,
the outer IP header takes the default value.Untrusted mode is supported
on overlay-based and VLAN-based logical port.
| Name | Description | Type | Notes |
|---|---|---|---|
| DscpTrustMode | Trust settings When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port. |
string | Enum: TRUSTED, UNTRUSTED Default: "TRUSTED" |
DscpValue (schema)
Dscp bit config
To define the Dscp value in Global In-band network telemetry configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| dscp_value | DSCP value for indicating the existence of INT header. A DSCP value is allocated to indicate the existence of INT header. It takes effects only when the INT indicator mode is DSCP_VALUE. The user should guarantee that the given DSCP value is specifically allocated for INT. |
int | Required Minimum: 1 Maximum: 63 |
| indicator_type | Must be set to the value DscpValue | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DuplicateAddressBindingEntry (schema) (Deprecated)
Duplicate address binding information
| Name | Description | Type | Notes |
|---|---|---|---|
| binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
| binding_timestamp | Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user |
EpochMsTimestamp | |
| conflicting_port | ID of logical port with the same address binding Provides the ID of the port on which the same address bidning exists |
string | |
| source | Address binding source Source from which the address binding entry was obtained |
AddressBindingSource | Default: "UNKNOWN" |
DuplicateIPDetectionOptions (schema)
Controls duplicate IP detection options
Contains dupliacte IP detection related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| duplicate_ip_detection_enabled | Duplicate IP detection Indicates whether duplicate IP detection should be enabled |
boolean | Default: "False" |
DynamicContentFilterQueryParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| scope | Restrict scope of dynamic content filters to report | string | Enum: NAPP |
DynamicContentFilterValue (schema)
Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES
| Name | Description | Type | Notes |
|---|---|---|---|
| DynamicContentFilterValue | Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES | string |
DynamicContentFilters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dynamic_content_filters | Support bundle content filter allowed values These filter values will be set by the remote node like the NSX Intelligence Platform for instance. We would not need to know or act on these dynamic content filters, except for passing them on as request parameters along with the support bundle collection API. |
array of DynamicContentFilterValue |
EPActionForDnsForwarderRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| action | An action to be performed for DNS forwarder on EP The valid DNS forwarder actions to be performed on EP are, - clear_cache: Clear the current cache of the dns forwarder from specified enforcement point. |
string | Required Enum: clear_cache |
| enforcement_point_path | An enforcement point path, on which the action is to be performed An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered. |
string | Default: "/infra/sites/default/enforcement-points/default" |
EULAAcceptance (schema)
EULA acceptance status
Indicate the status of End User License Agreement acceptance
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| acceptance | End User License Agreement acceptance status Acceptance status of End User License Agreement |
boolean | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value EULAAcceptance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
EULAContent (schema)
EULA content
End User License Agreement content
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| content | End User License Agreement content Content of End User License Agreement |
secure_string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value EULAContent | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
EULAOutputFormatRequestParameters (schema)
Indicate output format of End User License Agreement content
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| value_format | End User License Agreement content output format | string |
EdgeClusterNodeType (schema)
Supported edge cluster node type.
| Name | Description | Type | Notes |
|---|---|---|---|
| EdgeClusterNodeType | Supported edge cluster node type. | string | Enum: EDGE_NODE, PUBLIC_CLOUD_GATEWAY_NODE, UNKNOWN |
EdgeConfigurationState (schema)
Configuration State for Edge and VPN entities.
This contains fields that captures state of Trackable entities.
Edge and VPN state entities extend this object.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| pending_change_list | List of pending changes Request identifier of the API which modified the entity. |
array of string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING |
EdgeTransportNodeDatapathMemoryPoolUsage (schema)
Usage of datapath memory pool
Datapath memory pool usage value.
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of the memory pool Description of the memory pool. |
string | Readonly |
| name | Name of the datapath memory pool Name of the datapath memory pool as available on edge node CLI. |
string | Readonly |
| usage | Percentage of memory pool in use Percentage of memory pool in use. |
number | Readonly |
EdgeTransportNodeDatapathMemoryUsage (schema)
Detailed view of the datapath memory usage. Details out the heap and per memory pool usage
Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.
| Name | Description | Type | Notes |
|---|---|---|---|
| datapath_heap_usage | Percentage of heap memory in use Percentage of heap memory in use. |
number | Readonly |
| datapath_mem_pools_usage | array of EdgeTransportNodeDatapathMemoryPoolUsage | ||
| highest_datapath_mem_pool_usage | Highest percentage usage value among datapath memory pools Highest percentage usage value among datapath memory pools. |
number | Readonly |
| highest_datapath_mem_pool_usage_names | array of string |
EdgeTransportNodeMemoryUsage (schema)
Memory usage details of edge node
Point in time usage of system, datapath, swap and cache memory in edge node.
| Name | Description | Type | Notes |
|---|---|---|---|
| cache_usage | Percentage of RAM on the system that can be flushed out to disk Percentage of RAM on the system that can be flushed out to disk. |
number | Readonly |
| datapath_mem_usage_details | Detailed view of the datapath memory usage. Details out the heap and per memory pool usage Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage. |
EdgeTransportNodeDatapathMemoryUsage | Readonly |
| datapath_total_usage | Percentage of memory in use by datapath processes Percentage of memory in use by datapath processes which includes RES and hugepage memory. |
number | Readonly |
| swap_usage | Percentage of swap disk in use Percentage of swap disk in use. |
number | Readonly |
| system_mem_usage | Percentage of RAM in use on edge node Percentage of RAM in use on edge node. |
number | Readonly |
EdgeUpgradeStatus (schema)
Status of edge upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
EffectiveIPInfo (schema)
List of effective ip address along with site id
| Name | Description | Type | Notes |
|---|---|---|---|
| effective_ips | array of IPElement | Required | |
| site_id | Id of the site to which the effective IPs belong to | string | Required |
EffectiveProfilesResponse (schema)
Enforcement point request entity
| Name | Description | Type | Notes |
|---|---|---|---|
| profiles_list | array of SwitchingProfileTypeIdEntry |
EgressRateLimiter (schema)
A shaper that specifies egress rate properties in Mb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes | int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value EgressRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
EndpointPolicy (schema)
Contains ordered list of Endpoint Rules
Ordered list of Endpoint Rules ordered by sequence number of the entries.
The maximum number of policies is 25.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| endpoint_rules | Endpoint Rules that are a part of this EndpointPolicy | array of EndpointRule | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EndpointPolicy | string | |
| sequence_number | Precedence to resolve conflicts across Domains This field is used to resolve conflicts between maps across domains. |
int | Minimum: 0 Maximum: 499 Default: "0" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EndpointRule (schema)
Endpoint Rule for guest introspection.
Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| groups | group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Required Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EndpointRule | string | |
| sequence_number | Sequence number of this Entry This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user. |
int | Minimum: 0 Maximum: 499 Default: "0" |
| service_profiles | Names of service profiles The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed. |
array of string | Required Maximum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EnforcedStatusDetailsNsxT (schema)
NSX-T Enforced Realized Status Details
Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is
a detailed view of the Realized Status of an intent object from an NSX-T enforcement point
perspective.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforced_status_info | Enforced Realized Status Info Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. |
EnforcedStatusInfoNsxT | Readonly |
| pending_changes_info | Pending Changes Info Information about pending changes, if any, that aren't reflected in the Enforced Realized Status. |
PendingChangesInfoNsxT | Readonly |
EnforcedStatusInfoNsxT (schema)
NSX-T Enforced Realized Status Information
Information about the realized status of the intent object on an NSX-T type of enforcement point.
Some very recent changes may be excluded when preparing this information, which is indicated by
Pending Changes Info. In addition to the realized status across all scopes, this information holds
details about enforced realized status per scope.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforced_status | Enforced Realized Status Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point. |
EnforcedStatusNsxT | Readonly |
| enforced_status_per_scope | List of Enforced Realized Status per Scope List of Enforced Realized Status per Scope. |
array of EnforcedStatusPerScopeNsxT (Abstract type: pass one of the following concrete types) TransportNodeSpanEnforcedStatus |
Readonly |
EnforcedStatusNsxT (schema)
NSX-T Enforced Status
NSX-T Enforced Status.
| Name | Description | Type | Notes |
|---|---|---|---|
| status | Enforced Realized Status Enforced Realized Status. |
RuntimeState | Readonly |
| status_message | Status Message Status Message conveying hints depending on the status value. |
string | Readonly |
EnforcedStatusPerScopeNsxT (schema)
NSX-T Enforced Realized Status Per Scope
NSX-T Detailed Realized Status Per Scope.
This is an abstract type. Concrete child types:
TransportNodeSpanEnforcedStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Enforced Realized Status Per Scope Resource Type. |
string | Required Readonly Enum: TransportNodeSpanEnforcedStatus |
EnforcedStatusPerTransportNode (schema)
Enforced Realized Status Per Transport Node
Detailed Realized Status Per Transport Node.
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Transport Node Display Name Display name of the transport node. |
string | Readonly |
| enforced_status | Enforced Realized Status Realized Status of an Intent object on this Transport Node. |
EnforcedStatusNsxT | Readonly |
| nsx_id | Transport Node Identifier UUID identifying uniquely the Transport Node. |
string | Readonly |
| path | Transport Node Path Policy Path referencing the transport node. |
string | Readonly |
EnforcementPoint (schema)
Enforcement Point
Enforcement point is the endpoint where policy configurations are applied.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_enforce | Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps. |
boolean | Default: "True" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeCluster ChildPolicyTransportZone |
|
| connection_info | Enforcement Point Connection Info Connection Info of the Enforcement Point. |
EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo |
Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EnforcementPoint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| version | Enforcement point Version Version of the Enforcement point. |
string | Readonly |
EnforcementPointConnectionInfo (schema)
Enforcement Point Connection Info
Contains information required to connect to enforcement point.
This is an abstract type. Concrete child types:
AviConnectionInfo
CvxConnectionInfo
NSXTConnectionInfo
NSXVConnectionInfo
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| resource_type | Connection Info Resource Type Resource Type of Enforcement Point Connection Info. |
string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
EnforcementPointListRequestParameters (schema)
Enforcement Point List Request Parameters
Enforcement point list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
EnforcementPointListResult (schema)
Paged Collection of EnforcementPoints
Paged collection of enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Enforcement Point List Results Enforcement Point list Results. |
array of EnforcementPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
EnforcementPointRequest (schema)
Enforcement point request entity
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path of enforcement point on request is to be made. |
string |
EntityInstanceCountConstraintExpression (schema)
Represents the leaf level constraint to restrict the number instances of type.
Represents the leaf level constraint to restrict the number of instances of an entity
type that can be created.
Lowering the limit on the number of instances of a given type is allowed even in cases
where there are instances more than the specified limit already in the system.
In this case, creation of new instances of that type will be disallowed unless the number
of instances goes below the limit.
One of the main usage of this expression is to implement Quotas in the multi-tenancy context.
It allows to limit the number of resources which can be created inside a Project or Vpc.
It also forbids consumption of specific resource by putting its entity count to 0.
Note that, update/delete operations will continue to be allowed on already created instances.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| count | Instance count. Instance count. |
integer | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| operator | Operations supported '<' and '<='. | string | Required |
| resource_type | Must be set to the value EntityInstanceCountConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_resource_type | Resource type of the target entity. This needs to be set for all
cases where the target does not specify the type.
Target resource type accepts input as DTO Type or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type SecurityPolicy.Rule. |
string |
EpochMsTimestamp (schema)
Timestamp in milliseconds since epoch
| Name | Description | Type | Notes |
|---|---|---|---|
| EpochMsTimestamp | Timestamp in milliseconds since epoch | integer |
ErrorResolverInfo (schema)
Metadata related to a given error_id
| Name | Description | Type | Notes |
|---|---|---|---|
| error_id | The error id for which metadata information is needed | integer | Required |
| resolver_present | Indicates whether there is a resolver associated with the error or not | boolean | Required |
| user_metadata | User supplied metadata that might be required by the resolver | ErrorResolverUserMetadata |
ErrorResolverInfoList (schema)
Collection of all registered ErrorResolverInfo
| Name | Description | Type | Notes |
|---|---|---|---|
| results | ErrorResolverInfo list | array of ErrorResolverInfo | Required |
ErrorResolverMetadata (schema)
Error along with its metadata
| Name | Description | Type | Notes |
|---|---|---|---|
| entity_id | The entity/node UUID where the error has occurred. | string | Required |
| error_id | The error id as reported by the entity where the error occurred. | integer | Required |
| system_metadata | This can come from some external system like syslog collector | ErrorResolverSystemMetadata | |
| user_metadata | User supplied metadata that might be required by the resolver | ErrorResolverUserMetadata |
ErrorResolverMetadataList (schema)
List of errors with their metadata
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | List of errors with their corresponding metadata. | array of ErrorResolverMetadata | Required |
ErrorResolverSystemMetadata (schema)
Metadata fetched from an external system like Syslog or LogInsight.
| Name | Description | Type | Notes |
|---|---|---|---|
| value | The value fetched from another system | string |
ErrorResolverUserInputData (schema)
Corresponds to one property entered by the user
| Name | Description | Type | Notes |
|---|---|---|---|
| data_type | The datatype of the given property. Useful for data validation | string | Required Enum: TEXT, NUMBER, PASSWORD |
| property_name | Name of the property supplied by the user | string | Required |
| property_value | The value associated with the above property | string |
ErrorResolverUserMetadata (schema)
User supplied metadata needed for resolving errors
| Name | Description | Type | Notes |
|---|---|---|---|
| user_input_list | List of user supplied input data. | array of ErrorResolverUserInputData |
EtherTypeServiceEntry (schema)
A ServiceEntry that represents an ethertype protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ether_type | Type of the encapsulated protocol | integer | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EtherTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EthernetHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_mac | Destination MAC address of the Ethernet header The destination MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string | |
| eth_type | The value of the type field to be put into the Ethernet header This field defaults to IPv4. |
integer | Minimum: 1 Maximum: 65535 Default: "2048" |
| src_mac | Source MAC address of the Ethernet header The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string |
Evaluation (schema)
Criterion Evaluation
Criterion Evaluation is the basic logical condition to evaluate
whether the event could be potentially met.
This is an abstract type. Concrete child types:
SourceFieldEvaluation
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Criterion Evaluation resource type. |
string | Required Enum: SourceFieldEvaluation |
Event (schema)
Reaction Event
The Event is the criterion or criteria applied to the source and,
when met, prompt Policy to run the action.
All Reaction Events are constructed with reference to
the object, the "source", that is logically deemed to be the
object upon which the Event in question initially occurred upon.
Some example events include:
- New object was created.
- Change in realization state.
- Specific API is called.
| Name | Description | Type | Notes |
|---|---|---|---|
| criteria | Event Criteria Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR). |
array of Criterion | |
| source | Event Source Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. |
Source (Abstract type: pass one of the following concrete types) ApiRequestBody ResourceOperation |
Required |
EvpnConfig (schema)
Evpn Configuration
Evpn Configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| advanced_config | Advanced configuration for evpn config Advanced configuration for evpn config. |
EvpnConfigAdvancedConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| encapsulation_method | Encapsulation method for EVPN. Encapsulation method for EVPN service that is used by the transport layer. |
EvpnEncapConfig | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mode | EVPN service mode In INLINE mode, edge nodes participate both in the BGP EVPN control plane route exchange and in data path tunneling between edge nodes and data center gateways. In ROUTE_SERVER mode, edge nodes participate in the BGP EVPN control plane route exchanges only and do not participate in the data forwarding, i.e., the data path tunnels are directly established between the hypervisors and the data center gateways. DISABLE mode disables EVPN service capability. |
string | Enum: INLINE, ROUTE_SERVER, DISABLE Default: "DISABLE" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EvpnConfigAdvancedConfig (schema)
Advanced configuration for evpn config
NSX specific configuration for evpn config
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnConfigAdvancedConfig | Advanced configuration for evpn config NSX specific configuration for evpn config |
object |
EvpnEncapConfig (schema)
Encapsulation method for EVPN
Encapsulation method for EVPN.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| evpn_tenant_config_path | EVPN tenant config path | string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnEncapConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vni_pool_path | vni pool path | string |
EvpnTenantConfig (schema)
Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode.
This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode.
The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached
to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mappings | VLANs to VNIs mapping spec This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay transmission to Physical-Gateways used by vRouters. |
array of VlanVniRangePair | Required Minimum items: 1 Maximum items: 2000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnTenantConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_zone_path | Policy path to the transport zone Policy path to transport zone. Only overlay transport zone is supported. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vni_pool_path | Policy path to the vni pool Policy path to the vni pool used for Evpn in ROUTE-SERVER mode. |
string | Required |
EvpnTunnelEndpointConfig (schema)
Evpn Tunnel Endpoint Configuration
Evpn Tunnel Endpoint Configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_path | edge path | string | Required |
| id | Unique identifier of this resource | string | Sortable |
| local_addresses | local addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU | int | Minimum: 64 Maximum: 9100 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnTunnelEndpointConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ExcludedMembersList (schema)
Represents the list of members that need to be excluded
Represents the list of members that need to be excluded
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address_expression | IP addresses which need to be excluded | IPAddressExpression | |
| path_expression | Paths which need to be excluded. Paths can be only IP address based groups. Upto 50 paths are allowed. |
PathExpression |
ExportRequestParameter (schema)
Export task request parameters
This holds the request parameters required to invoke export task.
| Name | Description | Type | Notes |
|---|---|---|---|
| draft_path | Policy path of draft Policy path of a draft which is to be exported. If not provided, current firewall configuration will then be exported. |
string | |
| passphrase | Passphrase to sign exported files Passphrase to sign exported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character. |
secure_string | Required |
ExportTask (schema)
Export task information
This object holds the information of the export task.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| draft_path | Policy path of a draft Policy path of a draft if this is an export task to export draft configuration. |
string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| exported_file | Name of the exported file Name of the exported file generated after completion of export task. |
string | Readonly |
| failure_msg | Reason of the task failure This property holds the reason of the task failure, if any. |
string | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
Expression (schema)
Base class for each node of the expression
All the nodes of the expression extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
Condition
ConjunctionOperator
ExternalIDExpression
GroupScopeExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Expression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ExternalGatewayBfdConfig (schema)
External Bidirectional Flow Detection configuration
Configuration for BFD session between host nodes and external gateways.
If this configuration is not provided, system defaults are applied.
| Name | Description | Type | Notes |
|---|---|---|---|
| bfd_profile_path | Policy path to Bfd Profile | string | |
| enable | Enable BFD session Flag to enable BFD session. |
boolean | Default: "True" |
ExternalIDExpression (schema)
External ID expression node
Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| external_ids | Array of external IDs for the specified member type This array can consist of one or more external IDs for the specified member type. |
array of string | Required Minimum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_type | External ID member type | string | Required Enum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, PhysicalServer |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ExternalIDExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FIPSGlobalConfig (schema)
Global configuration
Global configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| lb_fips_enabled | A flag to turn on or turn off the FIPS compliance of load balancer feature. When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature. |
boolean | Default: "False" |
| tls_fips_enabled | A flag to turn on or turn off the FIPS compliance of TLS inspection feature. When this flag is set to true FIPS mode will be set on ssl encryptions of TLS inspection feature. |
boolean | Readonly Default: "False" |
FailedNodeSupportBundleResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | Error code | string | Required Readonly |
| error_message | Error message | string | Required Readonly |
| node_display_name | Display name of node | string | Required Readonly |
| node_id | UUID of node | string | Required Readonly |
| node_ip | IPv4 address of node | string | Required Readonly |
| node_ipv6 | IPv6 address of node | string | Required Readonly |
FeatureCompatibilityInfo (schema)
Feature Compatibility Info
Feature status information indicating site configuration compatibility with
global manager configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | array of CompatibilityDetail | Readonly Maximum items: 10 |
|
| feature | OnboardingFeatureInfo | Required Readonly |
|
| status | Compatibility Status | OnboardingCompatibilityStatus | Required Readonly |
FeatureConflictInfo (schema)
Feature Conflict Info
Feature status information with number of conflicting entities and its total
count associated with the feature.
| Name | Description | Type | Notes |
|---|---|---|---|
| conflict_count | Conflict Count Number of conflicting entities with global entities in the feature during an onboarding stage. |
integer | Readonly |
| feature | OnboardingFeatureInfo | Readonly | |
| total_count | Total Count Total number of entities in the feature during an onboarding stage. |
integer | Readonly |
FeaturePermission (schema)
Feature Permission
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | Feature Id | string | Required |
| feature_description | Feature Description | string | |
| feature_name | Feature Name | string | |
| is_execute_recommended | Is execute recommended | boolean | Readonly |
| is_internal | Is internal | boolean | Readonly |
| permission | Permission | string | Required Enum: crud, read, execute, none |
FeaturePermissionArray (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| feature_permissions | Array of FeaturePermission | array of FeaturePermission | Required |
FeaturePermissionListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of FeaturePermission | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FeatureSet (schema)
List of features required to view the widget
Represents list of features required to view the widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| feature_list | List of features required for to view wdiget List of features required for to view widget. |
array of string | |
| require_all_permissions | Flag for specifying if permission to all features is required Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available. |
boolean |
FeatureSummary (schema)
Feature Summary
Feature summary defining overall conflicting count against total number of
entities.
| Name | Description | Type | Notes |
|---|---|---|---|
| total_conflict_count | Total Conflict Count Total number of conflicting entities with global entities accross all features during an onboarding stage. |
integer | Readonly |
| total_count | Total Count Total number of entities across all features during an onboarding stage. |
integer | Readonly |
FeatureSummaryRequestParameters (schema)
Onboarding Feature Summary Request Parameters
Feature summary request parameters for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | UnsupportedFeature | Required Readonly |
FederationComponentUpgradeStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | array of FederationNodeSummary | Readonly |
| details | Details about the upgrade status | string | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED |
| target_version | Target component version | string | Readonly |
FederationConfig (schema)
Global Manager federation configuration
Global Manager federation configuration. This configuration is distributed
to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| site_config | Federation configurations of all Sites | array of SiteFederationConfig | Readonly |
FederationConfiguration (schema)
Federation configuration
Federation configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| epoch | Epoch | integer | Required |
| id | Federation id | string | Required |
| sites | Sites | array of FederationSite | Required |
FederationConnectivityConfig (schema)
Federation connectivity configuration
Additional configuration required for federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| global_overlay_id | Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases. |
integer | Readonly |
FederationGatewayConfig (schema)
Federation gateway configuration
Additional gateway configuration required for federation
| Name | Description | Type | Notes |
|---|---|---|---|
| global_overlay_id | Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases. |
integer | Readonly |
| site_allocation_indices | Indicies for cross site allocation
Indicies for cross site allocation for edge cluster and its members referred by gateway. |
array of SiteAllocationIndexForEdge | Readonly |
| transit_segment_id | Auto generated federation global id for transit segment Global UUID for transit segment id to be used by Layer2 services for federation usecases. |
string | Readonly |
FederationInvalidConfigurationDetailsResponse (schema)
Federation Invalid Configuration Details Response
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | Feature information Federation feature with invalid configuration for onboarding a site. |
OnboardingFeatureInfo | Readonly |
| invalid_config_summary | array of InvalidConfigSummary | Readonly Maximum items: 8 |
|
| total_count | Total Resource Count Total resource count in invalid configuration. |
integer | Required Readonly |
FederationNodeSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| node_count | Count of nodes Number of nodes of the type and at the component version. |
int | Required Readonly |
| version | Component version | string | Required Readonly |
FederationQueueInfo (schema)
Details about a specific queue in the flow
Provides insights into details of a specific queue in the flows. For example
Global Manager to Local Manager flow, there is a queue on the Global Manager
for sending and a queue on Local Manager for receiving.
| Name | Description | Type | Notes |
|---|---|---|---|
| current_size | Number of messages in the queue | integer | |
| max_size | Maixmum capacity of the queue | integer | |
| name | Queue name | string | |
| namespace | Queue namespace Every persistent queue has name and namespace. For more debugging like dumping queue, namespace is needed. |
string | |
| type | Queue type - sender or receiver side | string | Enum: TRANSMITTER, RECEIVER |
FederationSite (schema)
Site information
Site information.
| Name | Description | Type | Notes |
|---|---|---|---|
| active_gm | Does site have active GM | string | Required Enum: ACTIVE, STANDBY, NONE, INVALID |
| aph_list | Aph services in the site | array of AphInfo | Required |
| cert_hash | Hash of the trustManagerCert | string | |
| cluster_id | Cluster id | string | |
| config_version | Site config version | integer | |
| id | Id of the site | string | Required |
| is_federated | Is site federated | boolean | Required |
| is_local | Is site local | boolean | Required |
| name | Name of the site | string | Required |
| node_type | Type of node | string | Required Enum: GM, LM, GM_AND_LM |
| site_version | Version of the site | string | Required |
| split_brain | Split brain | boolean | |
| system_id | System id | integer | Required |
| trust_manager_cert | Cert string from trust manager | string | |
| vip_ip | Vip ip | string |
FederationStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_standby_sync_statuses | Status of synchronization between active and standby sites. | array of ActiveStandbySyncStatus | Required |
| remote_connections | Site connection status | array of SiteStatus |
FederationUpgradeSummary (schema)
Upgrade Summary
Provides upgrade summary for a specific site.
| Name | Description | Type | Notes |
|---|---|---|---|
| component_status | List of component statuses | array of FederationComponentUpgradeStatus | Required Readonly |
| current_version | Current version of the site This is NSX version for the site. |
string | Required Readonly |
| gpm_name | Name of the global manager Name of the global manager if present. |
string | Readonly |
| id | UUID of this resource Unique identifier of this resource. |
string | Required Readonly |
| last_upgrade_timestamp | Last upgrade timestamp Indicates the time when the site was upgraded. |
string | Readonly |
| name | Name of the site Name of the site. |
string | Readonly |
| overall_upgrade_status | Status of upgrade | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED |
| site_id | UUID of the site This is the Site Manager generated UUID for every NSX deployment. |
string | Required Readonly |
| site_ip | Site IP IP address of the site. |
string | Required Readonly |
| site_type | Site type Type of this site. |
string | Required Readonly Enum: ACTIVE_GM_SITE, STANDBY_GM_SITE, NON_GM_SITE |
| target_version | Target version for the site This is NSX target version for the site, if it is undergoing upgrade. |
string | Readonly |
FederationUpgradeSummaryListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| current_version | Filter on site current_version Get upgrade information from sites are at a given version. |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
FederationUpgradeSummaryListResult (schema)
Paged Collection of site upgrade information
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of site upgrade information | array of FederationUpgradeSummary | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FieldSanityConstraintExpression (schema)
Represents the field value sanity constraint
Represents the field value constraint to constrain specified field
value based on defined sanity checks.
Example - For DNS.upstream_servers, all the IP addresses must either be
public or private.
{
"target": {
"target_resource_type": "DnsForwarderZone",
"attribute": "upstreamServers",
"path_prefix": "/infra/dns-forwarder-zones/"
},
"constraint_expression": {
"resource_type": "FieldSanityConstraintExpression",
"operator": "OR",
"checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"]
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| checks | Array of sanity checks to be performed on field value List of sanity checks. |
array of string | Required Enum: ALL_PUBLIC_IPS, ALL_PRIVATE_IPS, ALL_IPV6_CIDRS, ALL_IPV6_IPS, ALL_IPV4_CIDRS, ALL_IPV4_IPS |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| operator | A conditional operator | string | Required Enum: OR, AND |
| resource_type | Must be set to the value FieldSanityConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
FieldSetting (schema)
FieldSetting
Field Setting.
| Name | Description | Type | Notes |
|---|---|---|---|
| field_pointer | Field Pointer Field Pointer. |
string | Required |
| value | Value Value that the field must be set to. |
FieldSettingValue (Abstract type: pass one of the following concrete types) ConstantFieldValue |
Required |
FieldSettingValue (schema)
Field Setting Value
Field Setting Value.
This is an abstract type. Concrete child types:
ConstantFieldValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Field Setting Value resource type. |
string | Required Enum: ConstantFieldValue |
FieldsFilterData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_info | IP address information This property is deprecated. Please use the property network_info instead. |
IpInfo | Deprecated |
| network_info | Network layer information Network layer information. |
NetworkInfo | |
| resource_type | Must be set to the value FieldsFilterData | string | Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData" |
| transport_info | Transport layer information Transport layer information. |
TransportInfo |
FieldsPacketData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_header | The ARP header | ArpHeader | |
| eth_header | The ethernet header | EthernetHeader | |
| frame_size | Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. |
integer | Minimum: 60 Maximum: 1000 Default: "128" |
| ip_header | The IPv4 header | Ipv4Header | |
| ipv6_header | The IPv6 header | Ipv6Header | |
| payload | RFC3548 compatible base64-encoded payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header. |
string | Maximum length: 1336 |
| resource_type | Must be set to the value FieldsPacketData | string | Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData" |
| routed | Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. |
boolean | |
| transport_header | The transport header This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported). |
TransportProtocolHeader | |
| transport_type | Transport type of the traceflow packet This type takes effect only for IP packet. |
string | Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST" |
FileProperties (schema)
File properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| created_epoch_ms | File creation time in epoch milliseconds | integer | Required |
| modified_epoch_ms | File modification time in epoch milliseconds | integer | Required |
| name | File name | string | Required Pattern: "^[^/]+$" |
| path | File path | string | Readonly |
| size | Size of the file in bytes | integer | Required |
FilePropertiesListResult (schema)
File properties query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | File property results | array of FileProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FileThumbprint (schema)
File thumbprint
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| name | File name | string | Required Pattern: "^[^/]+$" |
| sha1 | File's SHA1 thumbprint | string | Deprecated Required |
| sha256 | File's SHA256 thumbprint | string | Required |
FileTransferAuthenticationScheme (schema)
Remote server authentication details
| Name | Description | Type | Notes |
|---|---|---|---|
| identity_file | SSH private key data | secure_string | |
| password | Password to authenticate with | secure_string | |
| scheme_name | Authentication scheme name | string | Required Enum: PASSWORD, KEY |
| username | User name to authenticate with | string | Required Pattern: "^([a-zA-Z][a-zA-Z0-9-.]*[a-zA-Z]\\\){0,1}\w[\w.-]+$" |
FileTransferProtocol (schema)
Protocol to transfer backup file to remote server
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | FileTransferAuthenticationScheme | Required |
| protocol_name | Protocol name | string | Required Enum: sftp Default: "sftp" |
| ssh_fingerprint | SSH fingerprint of server The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}' |
string | Required Pattern: "^SHA256:.*$" |
FileType (schema)
MalwarePrevention File type
| Name | Description | Type | Notes |
|---|---|---|---|
| FileType | MalwarePrevention File type | string | Enum: DOCUMENT, EXECUTABLE, MEDIA, ARCHIVE, DATA, SCRIPT, OTHER |
FilterWidgetConfiguration (schema)
Filter widget Configuration
Represents configuration for filter widget. This is abstract representation of filter widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value FilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
FirewallConfiguration (schema)
Firewall related configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disable_auto_drafts | Auto draft deactivate flag To deactivate auto drafts, set it to true. By default, auto drafts are enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Firewall enable flag If set to true, Firewall is enabled. |
boolean | Default: "True" |
| global_addrset_mode_enabled | A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FirewallConfiguration | string | Required Enum: DfwFirewallConfiguration |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FirewallFilterByRequestParameters (schema)
Request parameters for filtering entities based on the given criteria
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Path of the enforcement point Path of the enforcement point from where the result need to be fetched. If not provided, default enforcement point will be considered. It is mandatory parameter on global manager. |
string | |
| parent_path | Path of the parent object of the entities The path of the parent object of entities that are need to be filtered based in the given criteria. Parent path is required for filtering rules of particular policy. |
string | |
| scope | Scope filter criteria All those firewall entities, policies/rules, will be returned whose scope value satisfies the given criteria. The value for scope can be, - virtual machine id or - logical router id. Based on the given scope value, the entities will be filtered. |
string | Required |
FloodProtectionProfile (schema)
Flood Protection profile
A profile holding TCP, UDP and ICMP and other protcol connection limits.
This is an abstract type. Concrete child types:
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FloodProtectionProfileBindingListResult (schema)
Paged Collection of flood protection profile binding maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Flood protection profile binding maps list results | array of FloodProtectionProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FloodProtectionProfileBindingMap (schema)
Policy Flood Protection Profile binding map
This entity will be used to establish association between Flood Protection
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FloodProtectionProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FloodProtectionProfileListRequestParameters (schema)
Flood Protection profile list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
FloodProtectionProfileListResult (schema)
Paged Collection of flood protection profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Flood protection profile list results | array of FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile |
Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FloodProtectionProfileResourceType (schema)
Resource types of flood protection profiles
GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways.
DistributedFloodProtectionProfile is used for all Transport Nodes.
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfileResourceType | Resource types of flood protection profiles GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes. |
string | Enum: GatewayFloodProtectionProfile, DistributedFloodProtectionProfile |
FlowInfo (schema)
Details of config flow
Provides details of config flow in federation
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)
| Name | Description | Type | Notes |
|---|---|---|---|
| cross_site_flow_info | Corss site flow information for the flow | CrossSiteFlowInfo | |
| flow_type | Flow identifier | string | Enum: GM_TO_LM, LM_TO_GM, GM_TO_GM, LM_TO_LM, GM_WORK_QUEUE, GM_DELETE_QUEUE |
| id | System identifier for the flow | string | |
| queue_infos | Queue information for the flow Every flow will have transmitter and receiver queues. |
array of FederationQueueInfo |
Footer (schema)
Widget Footer
Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API.
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Footer Actions Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
array of FooterAction | Minimum items: 0 |
| condition | Expression for evaluating condition If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
FooterAction (schema)
Widget Footer Action
Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API.
| Name | Description | Type | Notes |
|---|---|---|---|
| dock_to_container_footer | Dock the footer at container If true, the footer will appear in the underlying container that holds the widget. |
boolean | Default: "True" |
| label | Label for action Label to be displayed against the footer action. |
Label | Required |
| url | Clickable hyperlink, if any Hyperlink to the UI page that provides details of action. |
string | Maximum length: 1024 |
ForceRevisionCheckRequestParameter (schema)
Parameter to enforce revision check before updating objects
Forces revision check before updating
| Name | Description | Type | Notes |
|---|---|---|---|
| enforce_revision_check | Force revision check If this is set to true, each child object in the request needs to have _revision property set correctly. System will honor the revision numbers while updating the resources. |
boolean | Default: "False" |
ForwardingPolicy (schema)
Forwarding Policy
Contains ordered list of forwarding rules that determine when to
forward traffic to / from the underlay for accessing cloud native services.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildForwardingRule |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ForwardingPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this ForwardingPolicy | array of ForwardingRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ForwardingPolicyListResult (schema)
Paged Collection of ForwardingPolicy objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | ForwardingPolicy list results | array of ForwardingPolicy | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ForwardingRule (schema)
Forwarding rule
Forwarding rule that determine how to forward traffic from a VM.
Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port.
Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay
ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay
ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port.
ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM
ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space
NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP
NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services |
string | Enum: ROUTE_TO_UNDERLAY, ROUTE_TO_OVERLAY, ROUTE_FROM_UNDERLAY, ROUTE_FROM_OVERLAY, NAT_FROM_UNDERLAY, NAT_TO_UNDERLAY |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ForwardingRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ForwardingRuleListRequestParameters (schema)
ForwardingRule list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ForwardingRuleListResult (schema)
Paged Collection of ForwardingRules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Rule list results | array of ForwardingRule | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FqdnAnalysisConfig (schema)
FQDN Analysis feature configuration entity
The type contains information about the configuration of the FqdnAnalysis feature for a
specific node.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enabled Property which specifies the enabling/disabling of the feature. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FqdnAnalysisConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FullSyncInfo (schema)
Full sync details for the flow
Represents details of the last full sync if full sync is not running,
otherwise returns the status of current full sync.
| Name | Description | Type | Notes |
|---|---|---|---|
| data_streaming_from_source_end_time | End time of streaming full state from source | integer | |
| data_streaming_from_source_progress | Details about full sync on sender side | string | |
| data_streaming_from_source_start_time | Start time of streaming full state from source | integer | |
| end_time | Full sync end time | integer | |
| errors | Errors if any | array of string | |
| fullSyncId | Full sync id | string | |
| reason | Description of full sync reason | string | |
| reason_code | Reason code for full sync Full sync can happen for various internal reasons, as well user can request for one. The code provides the classification of possible reasons to start a full sync. |
string | Enum: QUEUE_OVERFLOW_ON_TRANSMITTER, QUEUE_OVERFLOW_ON_RECEIVER, CONNECTION_RESTORED, LM_ONBOARDED, GM_SWITCHOVER, RESTORED_GM_FROM_BACKUP, RESTORED_LM_FROM_BACKUP, BROWNFIELD_CONFIG_MIGRATION_FROM_LM_TO_GM, GM_REQUESTED_OVERSIZED_PAYLOAD, GM_REQUESTED_SITE_ONBOARDING, GM_REQUESTED_OTHER, LM_REQUSTED_OVERSIZED_PAYLOAD, LM_REQUESTED_OTHER, USER_REQUSTED, OTHER_AR_INTERNAL, POST_UPGRADE_GM, POST_UPGRADE_LM, UNKNOWN |
| receiver_end_time | End time of completing applying full state on receiver side | integer | |
| receiver_start_time | Start time of applying full state on receiver side | integer | |
| receiver_state | Internal receiver state This is optional information, provides useful insights on receiver side once async channel hands over full state data to receiver. |
string | |
| receiver_time_to_apply_in_millis | Time taken by application receiver to apply the full state received | integer | |
| stage | Current stage details if full sync in progress This provides the insights into current full sync stage if in progress. |
string | Enum: NOT_STARTED, REQUESTED_FULL_STATE_FROM_SOURCE, TRANSFERRING_FULL_STATE, COMPLETED_TRANSFERRING_FULL_STATE, DESTINATION_APPLYING_FULL_STATE, COMPLETED_SUCCESSFUL, TIMEOUT_ON_SOURCE_RECEIVE_FULL_STATE, TIMEOUT_ON_DESTINATION_APPLY, COMPLETED_FAILED |
| start_time | Full sync start time | integer | |
| status | Full sync status | string | Enum: NOT_STARTED, IN_PROGRESS, COMPLETED |
| warnings | Errors if any | array of string |
FullSyncState (schema)
Full sync state
Provides FullSync state for Local Manager from Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| errors | Errors occurred during full sync Errors occurred during full sync. |
array of string | Readonly |
| full_sync_id | Full sync id Full sync id generated by Async Replicator (AR) service. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| last_completed_stage | Full sync stage that is last completed for this request. The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request |
string | Readonly Enum: INITIAL, PAUSE_DCNS, DELETED_STALE_ENTITIES, PROCESSED_FULLSYNC_DATA, PROCESSED_DELTAS, UNPAUSE_DCNS, COMPLETED, ERROR, ABORTED |
| last_upate_time | Deprecated, refer to last_update_time for the last update time stamp. | EpochMsTimestamp | Deprecated Readonly Sortable |
| last_update_time | Timestamp of last update, could be progress or success or error. | EpochMsTimestamp | Readonly Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FullSyncState | string | |
| start_time | Timestamp of Full Sync start. | EpochMsTimestamp | Readonly Sortable |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FullSyncStateListResult (schema)
Paged Collection of FullSync states.
Paged Collection of FullSync states.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | FullSync states list FullSync states list. |
array of FullSyncState | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FullSyncStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| completed_at | Time at which the full sync was completed. | string | Required |
| snapshot_version | Snapshot version targeted by full sync. | string | Required |
| status | Status of full sync. | string | Required Enum: UNAVAILABLE, ERROR, ONGOING, COMPLETE, NOT_STARTED |
| sync_id | Identifier for the full sync. | string | Required |
| sync_type | Type of full sync. | string | Required Enum: UNAVAILABLE, STANDARD, FORCED |
GatewayFloodProtectionProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| nat_active_conn_limit | Maximum limit of active NAT connections The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource. |
integer | Minimum: 1 Maximum: 4294967295 Default: "4294967295" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayFloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayGeneralSecurityProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_double_flow | Flag to indicate double flow check is enabled or not The flag to indicate double flow check is enabled or not. This option applies only to EDGE components. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayGeneralSecurityProfile | GeneralSecurityProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayInterfaceReference (schema)
Gateway interface reference
Contains gateway interface details.
| Name | Description | Type | Notes |
|---|---|---|---|
| interface_path | interface path Absolute policy path of member interface. |
string | Required |
GatewayPolicy (schema)
Contains ordered list of Rules for GatewayPolicy
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildRule |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this SecurityPolicy | array of Rule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayPolicyListResult (schema)
Paged Collection of gateway policies
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | GatewayPolicy list results | array of GatewayPolicy | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GatewayQosProfile (schema)
QoS configuration of Tier1 gateway
QoS profile contains configuration of rate limiting properties which can be
applied in ingress and egress directions at Tier1 gateways
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| burst_size | Burst size in bytes Burst size in bytes. |
int | Minimum: 1 Default: "1" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| committed_bandwidth | Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. |
int | Minimum: 1 Default: "1" |
| committed_bandwitdth | Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. This property is deprecated, use committed_bandwidth instead. |
int | Deprecated Minimum: 1 Default: "1" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| excess_action | Action on traffic exceeding bandwidth. Action on traffic exceeding bandwidth. |
string | Enum: DROP |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayQosProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayQosProfileConfig (schema)
Gateway QoS profile configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| egress_qos_profile_path | Egress QoS profile Policy path to gateway QoS profile in egress direction. |
string | |
| ingress_qos_profile_path | Ingress QoS profile Policy path to gateway QoS profile in ingress direction. |
string |
GatewayQosProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of GatewayQosProfile | array of GatewayQosProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GatewayRecoverySiteConfig (schema)
Recovery site config
Recovery site config
| Name | Description | Type | Notes |
|---|---|---|---|
| failover_linked_tier1_gateway | Failover Linked Tier-1 Gateway Linked Tier1 gateway whose primary site matches from_site_path and are stretched to new primary site are recovered on new primary site path. |
boolean | Default: "True" |
| tier0_gateway_path | Tier-0 gateway path Path of Tier-0 gateway |
string | Required |
| to_primary_site_path | Recovery site path Recovery site path |
string | Required |
GatewayRouteCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_distance | The admin distance of the next hop | integer | |
| black_hole | BlackHole Value of this field will be true if given routes are null routes |
boolean | Readonly |
| edge_path | Edge path Edge node policy path. |
string | Readonly |
| interface | The policy path of the interface which is used as the next hop | string | |
| lr_component_id | Logical router component(Service Router/Distributed Router) id | string | |
| lr_component_type | Logical router component(Service Router/Distributed Router) type | string | |
| network | CIDR network address | IPCIDRBlock | Required |
| next_hop | The IP of the next hop | IPAddress | |
| next_hop_gateway | Next hop gateway path | string | |
| route_type | Route type (USER, CONNECTED, NSX_INTERNAL,..) | string | Required |
GatewayRouteTableInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of GatewayRouteCsvRecord |
GatewaySiteFailoverActionConfig (schema)
Gateway site failover action
configuration to trigger site failover for one or more Tier0 and linked Tier1 gateway(s).
| Name | Description | Type | Notes |
|---|---|---|---|
| from_site_path | Source site path Source site path for failover. Gateway whose primary site path matches from_site_path are considered for recovery. |
string | Required |
| to_primary_site_config | Recovery site for gateway Recovery stie for Tier-0 gateway and linked Tier-1 gateway. |
array of GatewayRecoverySiteConfig | Required Maximum items: 200 |
GeneralSecurityProfile (schema)
General Security profile
A profile holding general security settings.
This is an abstract type. Concrete child types:
GatewayGeneralSecurityProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GeneralSecurityProfile | GeneralSecurityProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GeneralSecurityProfileBindingMap (schema)
Policy General Security profile binding map
This entity will be used to establish association between General Security
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GeneralSecurityProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GeneralSecurityProfileResourceType (schema)
Resource types of General Security profiles
GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfileResourceType | Resource types of General Security profiles GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways. |
string | Enum: GatewayGeneralSecurityProfile |
GenericDhcpOption (schema) (Deprecated)
Generic DHCP option
Define DHCP options other than option 121.
| Name | Description | Type | Notes |
|---|---|---|---|
| code | DHCP option code, [0-255] Code of the dhcp option. |
integer | Required Minimum: 0 Maximum: 255 |
| values | DHCP option value Value of the option. |
array of string | Required Minimum items: 1 Maximum items: 10 |
GenericPolicyRealizedResource (schema)
Generic realized entity
Represents realized entity
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alarms | Alarm info detail | array of PolicyAlarmResource | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point_path | Enforcement Point Path The path of the enforcement point. |
string | Readonly |
| entity_type | Type of realized entity | string | Readonly |
| extended_attributes | Collection of type specific properties | array of AttributeVal | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| intent_paths | Collection of intent paths | array of string | Readonly |
| intent_reference | Desire state paths of this object | array of string | |
| operational_status | String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive. |
string | |
| operational_status_error | String representation of operational status error It defines the root cause for operational status error. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| publish_status | String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive. |
string | |
| publish_status_error | String representation of publish status error It defines the root cause for publish status error. |
string | |
| publish_status_error_code | Represents error code for publish status. It defines error code for publish status error. |
int | |
| publish_status_error_details | Details for publich status error. Error details for publish status. |
array of ConfigurationStateElement | |
| publish_time | Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time |
EpochMsTimestamp | Readonly Sortable |
| realization_api | Realization API of this object on enforcement point | string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| realization_specific_identifier | Realization id of this object | string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GenericPolicyRealizedResource | string | |
| runtime_error | String representation of runtime error It define the root cause for runtime error. |
string | |
| runtime_status | String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. |
string | Deprecated |
| site_path | Site Path The site where this entity resides. |
string | Readonly |
| state | Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| time_taken_for_realization | Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization |
integer | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GenericPolicyRealizedResourceListResult (schema)
GenericPolicyRealizedResource list result
GenericPolicyRealizedResource list result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of GenericPolicyRealizedResources List of realized resources |
array of GenericPolicyRealizedResource | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GetBackupUiFramesInfoRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| ui_tab_type | string | Readonly Enum: LOCAL_MANAGER_TAB, GLOBAL_MANAGER_TAB Default: "LOCAL_MANAGER_TAB" |
GetCertParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | whether to expand the pem data and show all its details | boolean | Default: "False" |
GetSNMPParameters (schema)
Get SNMP request parameters
Get SNMP request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| show_sensitive_data | Show SNMP sensitive data or not Whether to show SNMP service properties including community strings if any applicable. |
boolean | Default: "False" |
GlobalCollectorConfig (schema)
Abstract base type for Global collector configurations of different types
The GlobalCollectorConfig is the base class for global collector configurations for
different types in a NSX domain.
This is an abstract type. Concrete child types:
VrniGlobalCollector
WaveFrontGlobalCollector
| Name | Description | Type | Notes |
|---|---|---|---|
| collector_ip | IP address for the global collector collector IP address for the global collector. |
IPAddress | Required |
| collector_port | Port for the global collector Port for the global collector. |
int | Required Minimum: 0 Maximum: 65535 |
| collector_type | Specify the global collector type. | GlobalCollectorType | Required |
GlobalCollectorType (schema)
Valid Global collector types
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalCollectorType | Valid Global collector types | string | Enum: VRNI, WAVE_FRONT |
GlobalConfig (schema)
Global configuration
Global configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_changing_vdr_mac_in_use | A flag to indicate if changing the VDR MAC being used is allowed When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property set to true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY transport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY transport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage! |
boolean | Default: "False" |
| arp_limit_per_gateway | ARP limit per Tier0/Tier1 gateway Global configuration of maximum number of ARP entries per transport node at each Tier0/Tier1 gateway. |
int | Minimum: 5000 Maximum: 50000 Default: "50000" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| external_gateway_bfd | External Bidirectional Flow Detection configuration Configuration for BFD session between host nodes and external gateways. If this configuration is not provided, system defaults are applied. |
ExternalGatewayBfdConfig | |
| fips | FIPS enabled config Contains the FIPSGlobalConfig object. |
FIPSGlobalConfig | |
| global_replication_mode_enabled | A flag to indicate if global replication mode is enabled When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| is_inherited | This field indicates whether this is a copy version of GM/NSX+ or not if True, meaning that this is a copy version of GM if False, meaning that this is a local version on LM |
boolean | |
| l3_forwarding_mode | L3 forwarding mode Configure forwarding mode for routing. This setting does not restrict configuration for other modes. |
string | Enum: IPV4_ONLY, IPV4_AND_IPV6 Default: "IPV4_ONLY" |
| lb_ecmp | Flag for controlling equal-cost multi-path(ECMP) load balancing. Flag to activate/deactivate ECMP load balancing. By default ECMP load balancing is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. This is the global default MTU for all the EXTERNAL (uplink) and SERVICE (CSP) interfaces in the NSX domain. There is no option to override this value at the transport zone level or transport node level. |
int | Minimum: 1280 |
| operation_collectors | Operation global collector config This property is a part of OpsGlobalConfig object. Use /infra/ops-global-config instead. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode. |
array of GlobalCollectorConfig (Abstract type: pass one of the following concrete types) VrniGlobalCollector WaveFrontGlobalCollector |
Deprecated |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| physical_uplink_mtu | MTU for the physical uplinks This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized. |
int | Default: "1700" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| remote_tunnel_physical_mtu | The physical MTU for the remote tunnel endpoints This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used. |
int | Default: "1700" |
| resource_type | Must be set to the value GlobalConfig | string | |
| site_infos | Collection of Site information Information related to sites applicable for given config. |
array of SiteInfo | Maximum items: 16 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| uplink_mtu_threshold | Upper threshold for MTU on physical and logical uplinks This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU. |
int | Default: "9000" |
| vdr_mac | MAC address of the Virtual Distributed Router (VDR) port This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true. |
MACAddress | Default: "02:50:56:56:44:52" |
| vdr_mac_nested | The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment. This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true. |
MACAddress | Default: "02:50:56:56:44:53" |
GlobalDfwConfiguration (schema)
Global distributed firewall configuration for a specific site
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Distributed firewall enable flag If set to true, distributed firewall is enabled on a specified site. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalDfwConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalDfwConfigurationListResult (schema)
Paged Collection of global distributed firewall configurations for all the sites
Paged Collection of global distributed firewall configurations for all the sites.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Global distributed firewall configuration list results Global distributed firewall configuration list results. |
array of GlobalDfwConfiguration | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GlobalIdsSettings (schema)
Global Intrusion Detection System settings
Represents the Intrusion Detection System settings for NSX+.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_update | Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalIdsSettings | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalIdsSignature (schema)
Global IDS signature
Global IDS signature.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action. |
string | Enum: ALERT, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Flag to Activate/Deactivate a IDS Signature globally. Flag through which user can Activate/Deactivate a Signature at Global Level. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalIdsSignature | string | |
| signature_id | Signature ID Represents the Signature's id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManager (schema)
Global Manager
Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connection_info | Connection information To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate. |
array of SiteNodeConnectionInfo | Maximum items: 3 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fail_if_rtt_exceeded | Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded. |
boolean | Default: "True" |
| federation_id | Global manager federation UUID Internally generated UUID to the federation of Global Manager. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| maximum_rtt | Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. |
integer | Minimum: 0 Maximum: 1000 Default: "250" |
| mode | Mode of the global manager There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined. |
string | Required Enum: ACTIVE, STANDBY |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalManager | string | |
| site_id | UUID of the site where Global manager is running UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManagerConfig (schema)
Global Manager configuration
This configuration is distributed to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalManagerConfig | string | |
| rtep_config | Global Manager federation RTEP configuration Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. |
GmRtepConfig | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManagerListRequestParameters (schema)
Site List Request Parameters
Site list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GlobalManagerListResult (schema)
Paged Collection of Global Managers
Paged Collection of Global Managers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Global Manager List Result Global Manager List Result. |
array of GlobalManager | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GlobalManagerSwitchOverRequestParameter (schema)
Parameter to force switchover
Parameter to force switch over from Standby to Active.
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Indciates force switchover to Active If true indicates that user requested make standby Global Manager as active ignoring the state of current active Global Manager. Typically, recommended to use when active Global Manager is failed or not reachable. |
boolean |
GlobalRestoreStatus (schema)
Overall restore process status
| Name | Description | Type | Notes |
|---|---|---|---|
| description | A description of the restore status | string | Required Readonly |
| value | Global rolled-up restore status value | string | Required Readonly Enum: INITIAL, SUCCESS, FAILED, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, SUSPENDED, ABORTED |
GmConfigOnboardingConflictEntityInfo (schema)
GM config Onboarding Conflicting Entity Info
Conflicting Entity information on GM.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_messages | ConfigOnboardingError | Readonly | |
| example | Conflict example Conflict example |
OnboardingFeatureInfo | Readonly |
GmFederationSiteConfig (schema)
Federation configuration for the site
Additional configuration required for federation at Site.
| Name | Description | Type | Notes |
|---|---|---|---|
| transit_subnet | Transit subnet in CIDR format IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site. |
string | Format: ip-cidr-block |
GmNodeStatus (schema)
Represents the Global Manager node switchover status
| Name | Description | Type | Notes |
|---|---|---|---|
| end_time | End time of the switchover operation | integer | |
| errors | Errors if any | array of string | |
| node_id | UUID of the Global Manager node | string | |
| start_time | Start time of the switchover operation | integer | |
| status | Status of switchover operation | string | Enum: IN_PROGRESS, COMPLETED, FAILED |
| warnings | Errors if any | array of string |
GmOperationalState (schema)
Represents the operational state of Global Manager
Represents the switchover operational state of Global Manager. Offers information
about the current switchover operation including status from each Global Manager
node and the errors if any.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_progress | Consolidated status of the current operation | string | Enum: IN_PROGRESS, COMPLETED, FAILED |
| end_time | End time of the switchover operation | integer | |
| errors | Errors if any | array of string | |
| node_statuses | Switchover status from each NSX Global Manager appliance node | array of GmNodeStatus | |
| site_manager_ref | Timestamp reference for the change provided by SiteManager | integer | |
| start_time | Start time of the switchover operation | integer | |
| status | The current switchover operation requested. | string | Required Enum: NONE, ACTIVE, STANDBY, SWITCHING_TO_ACTIVE, SWITCHING_TO_STANDBY, DECOMMISSIONED |
| warnings | Errors if any | array of string |
GmRtepConfig (schema)
Global Manager federation RTEP configuration
Global Manager federation RTEP configuration. This configuration is distributed
to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| ibgp_password | Password for IBGP sessions between federated sites Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string ("") clears existing password. |
secure_string | Maximum length: 20 |
GraphConfiguration (schema)
Graph Configuration
Represents configuration of a graph widget
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| axes | Axes of a graph | Axes | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| display_x_value | Show or hide the value of a point on X axis If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis. |
boolean | Default: "False" |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| graphs | Graphs | array of GraphDefinition | Required Minimum items: 1 |
| graphs_colors | A colors for the graph An array of graphs colors which will be applied to each graph seperately. if number of provided colors are smaller than number of graph in the widget then colors are applied in circular manner. |
array of string | |
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| line_chart_plot_configs | List of line chart plotting configuration List of line chart plotting configuration. This plotting configuration will be applicable for the LINE_GRAPH only. |
array of LineChartPlotConfiguration | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value GraphConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| sub_type | Subtype of a graph Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart |
string | Enum: LINE_GRAPH, BAR_GRAPH, STACKED_BAR_GRAPH Default: "BAR_GRAPH" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
| x_value_type | x value type x value type. |
string | Enum: string, number, date, millisecond, second Default: "string" |
| y_value_type | y value type y value type. |
string | Enum: integer, double |
GraphDefinition (schema)
Definition of a graph
Defines a graph
| Name | Description | Type | Notes |
|---|---|---|---|
| id | Identifier of graph Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration. |
string | |
| label | Label of a graph Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown. |
Label | |
| point_definition | Definition for points of a graph Defines the points of a graph. |
PointDefinition | Required |
| render_configuration | Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any. |
array of RenderConfiguration | Minimum items: 0 |
| row_list_field | Expression for series of the graph An expression that represents the series of the graph |
string |
GridConfiguration (schema)
Grid Configuration
Represents configuration of a Grid or Table widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| columns | Columns Array of columns of a Grid widget |
array of ColumnItem | Required |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| page_size | Page Size Number of records per page. page_size will be effective only when the urls provided in the datasource support paging. |
int | Default: "30" |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value GridConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| row_list_fields | List of fields from which rows are formed Rows of grid or table are formed from the list of objects returned by a row list field. |
array of RowListField | Required Minimum items: 1 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
Group (schema)
Group
Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| expression | Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information. |
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
|
| extended_expression | Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map. |
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
Maximum items: 1 |
| group_type | Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType. |
array of GroupTypes | Maximum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| reference | Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false. |
boolean | Readonly Default: "False" |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Group | string | |
| state | Realization state of this group | string | Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupDeleteRequestParameters (schema) (Deprecated)
Group delete request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| fail_if_subtree_exists | Do not delete if the group subtree has any entities Check if the group sub-tree has any entities. These primarily include the binding maps that point to various profiles. If this flag is passed as true, the group delete fails if any binding maps exist in the group sub-tree. By default, this flag is false, which means that the group is deleted along with the group sub-tree. |
boolean | Default: "False" |
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
GroupDiscoveryProfileBindingMap (schema)
Map for binding group with discovery profile
This entity will be used to establish association between discovery profile and
Group. With this entity, user can specify intent for applying discovery profile
profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupDiscoveryProfileBindingMap | string | |
| sequence_number | Sequence number group discovery profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. |
integer | Minimum: 1 Maximum: 100000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupDiscoveryProfileBindingMapListRequestParameters (schema)
Group Discovery Profile Binding Map List Request Parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupDiscoveryProfileBindingMapListResult (schema)
Paged collection of Group Discovery Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Group Discovery Profile Binding Map List Results | array of GroupDiscoveryProfileBindingMap | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GroupListRequestParameters (schema)
Group list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| member_types | Comma Separated Member types Optionally, specify valid member types as request parameter to filter NSGroups. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupListResult (schema)
Paged Collection of Groups
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Group list results | array of Group | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GroupMemberActionParameters (schema)
Request Parameters for Group members
Request Parameter to either add or remove the Group members.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Add or Remove group members. Action parameter determines whether to add or remove the group members. |
string | Required Enum: add, remove |
GroupMemberList (schema)
Members to add or remove for a Group.
List of same type members to either add or remove from a group.
| Name | Description | Type | Notes |
|---|---|---|---|
| members | Groups members collection This array contains group members of similar types. |
array of string | Required Minimum items: 1 Maximum items: 4000 |
GroupMemberTagsList (schema)
Group tags list for a particular member type
Collection of tags used in a policy group for a particular member type
| Name | Description | Type | Notes |
|---|---|---|---|
| member_type | Member type for which we will list the tags | string | Required |
| tags | List of tags for the member type | array of string | Required |
GroupMemberType (schema)
Valid Group member type
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupMemberType | Valid Group member type | string | Enum: VirtualMachine, VirtualNetworkInterface, SegmentPort, Segment, CloudNativeServiceInstance, IPAddress, MACAddress, IPSet, IdentityGroup, PhysicalServer, Pod, Service, Namespace, Cluster, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode, VpcSubnet, VpcSubnetPort |
GroupMemberTypeListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| result_count | Count of the member types in the results array | integer | Required Readonly |
| results | Collection of member types for the given Group | array of GroupMemberType | Required |
GroupMonitoringProfileBindingMap (schema)
Group Monitoring Profile binding map
This entity will be used to establish association between monitoring
profile and Group. Using this entity, you can specify intent for applying
monitoring profile to particular Group. Group with membership criteria vm
only supported as source group. Port mirroring is only supported on group
with five vms.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_profile_path | IPFIX DFW Profile Path PolicyPath of associated IPFIX DFW Profile |
string | |
| ipfix_l2_profile_path | IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port_mirroring_profile_path | Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupMonitoringProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupScopeExpression (schema)
Scope association expression node
Represents scope of the workloads that needs to be added to the Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupScopeExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| scope_path | Path of the scope | string | Required |
| scope_type | Scope type | string | Required Enum: PROJECT, VPC |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupStatusListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| has_errors | Flag to indicate whether to return only upgrade units with errors | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupTagsList (schema)
Group tags list listed per member type
Collection of tags used in a policy group listed per member type
| Name | Description | Type | Notes |
|---|---|---|---|
| results | Collection of tags used in a policy group listed per member type | array of GroupMemberTagsList | Required |
GroupTypes (schema)
Valid Group Types.
ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupTypes | Valid Group Types. ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types. |
string | Enum: IPAddress, ANTREA |
Header (schema)
Widget Header
Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
| content_alignment | alignment for labelvalue pair Alignment of header labels. |
string | Enum: LEFT, RIGHT Default: "RIGHT" |
| sub_header_widgets | An array of widgets inside the container header An array of widgets which will appear inside the container header Instead of 'sub_headers' property use this property. |
array of WidgetItem | Minimum items: 0 |
| sub_headers | Rows An array of label-value properties. This field is deprecated instead used 'sub_header_widgets' property to define header widgets. |
array of PropertyItem | Deprecated Minimum items: 0 |
HealthRequestParameters (schema)
Service list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| dependent_services_health | Fetch the health of policy and it's dependent services. If set to false, then it will return only policy health. If set to true, then it will return health of policy and it's dependent services. If it is not provided, then then it will return health of policy and it's dependent services. |
boolean |
HostUpgradeStatus (schema)
Status of host upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
HostnameOrIPAddress (schema)
Hostname or IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPAddress | Hostname or IPv4 or IPv6 address | string | Format: hostname-or-ip |
HostnameOrIPv46Address (schema)
Hostname or IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv46Address | Hostname or IPv4 or IPv6 address | string | Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
HostnameOrIPv4Address (schema)
Hostname or IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv4Address | Hostname or IPv4 address | string | Format: hostname-or-ipv4 |
HostnameOrIPv4AddressOrEmptyString (schema)
Hostname or IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv4AddressOrEmptyString | Hostname or IPv4 address | string | Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$|^$" |
HttpProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | BasicAuthenticationScheme | |
| name | Must be set to the value HttpProtocol | string | Required Enum: http, https, scp, sftp |
HttpRequestMethodType (schema) (Deprecated)
http monitor method
| Name | Description | Type | Notes |
|---|---|---|---|
| HttpRequestMethodType | http monitor method | string | Deprecated Enum: GET, OPTIONS, POST, HEAD, PUT |
HttpRequestVersionType (schema) (Deprecated)
http request version
| Name | Description | Type | Notes |
|---|---|---|---|
| HttpRequestVersionType | http request version | string | Deprecated Enum: HTTP_VERSION_1_0, HTTP_VERSION_1_1 |
HttpServiceProperties (schema)
HTTP Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| basic_authentication_enabled | Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls. |
boolean | Deprecated Default: "True" |
| certificate | Certificate | Deprecated Required Readonly |
|
| cipher_suites | Cipher suites used to secure contents of connection | array of CipherSuite | Deprecated Minimum items: 1 |
| client_api_concurrency_limit | Client API rate limit in calls The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "40" |
| client_api_rate_limit | Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "100" |
| connection_timeout | NSX connection timeout, set to 0 to configure no timeout | integer | Deprecated Minimum: 0 Maximum: 2147483647 |
| cookie_based_authentication_enabled | Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create. |
boolean | Deprecated Default: "True" |
| global_api_concurrency_limit | Global API rate limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "100" |
| logging_level | Service logging level | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO" |
| protocol_versions | TLS protocol versions | array of ProtocolVersion | Deprecated Minimum items: 1 |
| redirect_host | Host name or IP address to use for redirect location headers, or empty string to derive from current request | HostnameOrIPv4AddressOrEmptyString | Deprecated Default: "" |
| session_timeout | NSX session inactivity timeout, set to 0 to configure no timeout | integer | Deprecated Minimum: 0 Maximum: 2147483647 |
HttpsProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | BasicAuthenticationScheme | |
| name | Must be set to the value HttpsProtocol | string | Required Enum: http, https, scp, sftp |
| sha256_thumbprint | SSL thumbprint of server | string | Required |
ICMPTypeServiceEntry (schema)
A ServiceEntry that represents IPv4 or IPv6 ICMP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_code | ICMP message code | integer | Minimum: 0 Maximum: 255 |
| icmp_type | ICMP message type | integer | Minimum: 0 Maximum: 255 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocol | string | Required Enum: ICMPv4, ICMPv6 |
|
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ICMPTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IGMPTypeServiceEntry (schema)
A ServiceEntry that represents IGMP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IGMPTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPAddress (schema)
IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPAddress | IPv4 or IPv6 address | string | Format: ip |
IPAddressExpression (schema)
IP address expression node
Represents IP address expressions in the form of an array, to support addition of IP addresses in a group. Avoid creating groups with multiple IPAddressExpression. In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_addresses | Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". |
array of IPElement | Required Minimum items: 1 Maximum items: 6000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPAddressExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPAddressGroupAssociationRequestParams (schema)
List request parameters containing ip address and enforcement point path
List request parameters containing ip address and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_address | IPAddress | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IPAddressList (schema)
IP Address collection.
Collection of IP Addresses.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | Array of IP addresses The array contains IP addresses. |
array of IPElement | Required Minimum items: 1 Maximum items: 4000 |
IPAddressOrCIDRBlock (schema)
IPAddress or CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPAddressOrCIDRBlock | IPAddress or CIDR Block | string | Format: address-or-cidr-block |
IPAddresses (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IPs of the filter The IP addresses in the form of IP Address, IP Range, CIDR, used as source IPs or destination IPs of filters. |
array of IPElement | Minimum items: 1 |
IPCIDRBlock (schema)
IPv4 or IPv6 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPCIDRBlock | IPv4 or IPv6 CIDR Block | string | Format: ip-cidr-block |
IPDiscoveryProfile (schema)
IP Discovery Profile
Using this profile to configure different options of IP Discovery
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| arp_nd_binding_timeout | ARP and ND cache timeout (in minutes) This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM. |
int | Minimum: 5 Maximum: 120 Default: "10" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| duplicate_ip_detection | Duplicate IP Dection Options Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt. |
DuplicateIPDetectionOptions | |
| id | Unique identifier of this resource | string | Sortable |
| ip_v4_discovery_options | IPv4 Discovery options Indicates IPv4 Discovery options |
IPv4DiscoveryOptions | |
| ip_v6_discovery_options | IPv6 Discovery options Indicates IPv6 Discovery options |
IPv6DiscoveryOptions | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPDiscoveryProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tofu_enabled | Is TOFU enabled or not Indicates whether "Trust on First Use(TOFU)" paradigm is enabled. |
boolean | Default: "True" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPDiscoveryProfileListRequestParameters (schema)
IP Discovery Profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IPDiscoveryProfileListResult (schema)
Paged collection of IP Discovery Profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | IP Discovery profile list results | array of IPDiscoveryProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
IPElement (schema)
IP address, range, or subnet
IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
| Name | Description | Type | Notes |
|---|---|---|---|
| IPElement | IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" |
string | Format: address-or-block-or-range |
IPElementList (schema)
List of IP address, range, or subnet
IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
| Name | Description | Type | Notes |
|---|---|---|---|
| IPElementList | List of IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" |
string | Format: list-of-address-or-block-or-range |
IPFIXDFWCollector (schema)
IPFIX DFW Collector
IPFIX DFW data will be collected on collector
Host IP and Port address should be provided for collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| collector_ip_address | IP address IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. |
IPAddress | Required |
| collector_port | Port Port for the IPFIX DFW collector. |
int | Required Minimum: 0 Maximum: 65535 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWCollector | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXDFWCollectorProfile (schema)
IPFIX DFW Collector Profile
IPFIX data for the NSX distributed firewall will be sent to the specified
IPFIX collectors.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_collectors | IPFIX DFW Collectors. It accepts Multiple Collectors. |
array of IPFIXDFWCollector | Required Minimum items: 1 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWCollectorProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXDFWProfile (schema)
IPFIX DFW Profile
IPFIX packets from source will be sent to IPFIX DFW collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_flow_export_timeout | Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes. |
int | Required Minimum: 1 Maximum: 60 Default: "1" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_collector_profile_path | IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors. |
string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| observation_domain_id | Observation domain ID An identifier that is unique to the exporting process and used to meter the flows. |
int | Minimum: 0 Maximum: 65536 Default: "0" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| priority | Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. |
int | Minimum: 0 Maximum: 32000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2Collector (schema)
IPFIX L2 Collector
IPFIX packets will be collected on collector.
IP and port address should be provided for collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| collector_ip_address | IP address IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. |
IPAddress | Required |
| collector_port | Port Port number for the IPFIX L2 collector. |
int | Minimum: 0 Maximum: 65535 Default: "4739" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2Collector | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2CollectorProfile (schema)
IPFIX L2 Collector Profile
IPFIX L2 data will be collected on collectors.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_l2_collectors | It accepts Multiple Collector objects. It accepts Multiple Collector objects. |
array of IPFIXL2Collector | Required Minimum items: 1 Maximum items: 4 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2CollectorProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2Profile (schema)
IPFIX L2 Profile
IPFIX data from source logical segment, port, group will be forwarded to IPFIX
collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_timeout | Active timeout The time in seconds after a flow is expired even if more packets matching this flow are received by the cache. |
int | Minimum: 60 Maximum: 3600 Default: "300" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| export_overlay_flow | Export overlay Flow This property controls whether overlay flow info is included in the sample result. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | Idle timeout The time in seconds after a flow is expired if no more packets matching this flow are received by the cache. |
int | Minimum: 60 Maximum: 3600 Default: "300" |
| ipfix_collector_profile_path | IPFIX collector Path Policy path for IPFIX collector profile. User can specify only one IPFIX collector. |
string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_flows | Max flows The maximum number of flow entries in each exporter flow cache. |
integer | Minimum: 0 Maximum: 4294967295 Default: "16384" |
| observation_domain_id | Observation domain ID An identifier that is unique to the exporting process and used to meter the flows. |
integer | Minimum: 0 Maximum: 4294967295 Default: "0" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| packet_sample_probability | Packet sample probability The probability in percentage that a packet is sampled, in range 0-100. The probability is equal for every packet. |
number | Required Minimum: 0 Maximum: 100 Default: "0.1" |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| priority | Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. |
int | Minimum: 0 Maximum: 32000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2Profile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IPv4 Addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
| prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 32 |
IPProtocolServiceEntry (schema)
A ServiceEntry that represents an IP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocol_number | integer | Required Minimum: 0 Maximum: 255 |
|
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPProtocolServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecDigestAlgorithm (schema)
Digest Algorithms used in IPSec tunnel establishment
The IPSecDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecDigestAlgorithm | Digest Algorithms used in IPSec tunnel establishment The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
IPSecEncryptionAlgorithm (schema)
Encryption algorithm used in IPSec tunnel
IPSecEncryptionAlgorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecEncryptionAlgorithm | Encryption algorithm used in IPSec tunnel IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option. |
string | Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION |
IPSecVpnDpdProfile (schema)
Dead peer detection (DPD) profile
Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_probe_interval | DPD Probe Interval DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 10 |
integer | |
| dpd_probe_mode | DPD Probe Mode DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds). |
string | Enum: PERIODIC, ON_DEMAND Default: "PERIODIC" |
| enabled | Enable dead peer detection (DPD) If true, enable dead peer detection. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnDpdProfile | string | |
| retry_count | Retry Count Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand. |
integer | Minimum: 1 Maximum: 100 Default: "10" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnIkeProfile (schema)
Internet key exchange (IKE) profile
IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dh_groups | DH group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. |
array of DhGroup | |
| digest_algorithms | Algorithm for message hash Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. A default value of SHA2_256 will be applied only when the supplied encryption algorithms contain either AES_128 or AES_256. |
array of IkeDigestAlgorithm | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| encryption_algorithms | Encryption algorithm for IKE Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128. |
array of IkeEncryptionAlgorithm | |
| id | Unique identifier of this resource | string | Sortable |
| ike_version | IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. |
string | Enum: IKE_V1, IKE_V2, IKE_FLEX Default: "IKE_V2" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnIkeProfile | string | |
| sa_life_time | Security association (SA) life time Life time for security association. Default is 86400 seconds (1 day). |
integer | Minimum: 21600 Maximum: 31536000 Default: "86400" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnLocalEndpoint (schema)
IPSec VPN Local Endpoint
Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope attribute at the corresponding LM. Local endpoint without any scope will be realized on all sites. The scope attribute is applicable only on GM not on LM.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificate_path | Certificate path Policy path referencing site certificate. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| local_address | IPv4 or IPv6 Address of local endpoint IPv4 or IPv6 Address of local endpoint. Please note that configuring local_address as IPv6 address is not supported in the deprecated IPSecVpnLocalEndpoint Patch/PUT APIs. |
IPAddress | Required |
| local_id | Local identifier Local identifier. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnLocalEndpoint | string | |
| scope | scope identify the site to which LocalEndpoint configuration associated with. Applicable only in GM Scope attribute refers to the Policy path identifying the LocaleService of specific site where all the local end point configurations will be realized. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope at the corresponding LM. Local endpoint without any scope will be realized on all sites. This attribute will not be applicable on LM. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| trust_ca_paths | Certificate authority (CA) paths List of policy paths referencing certificate authority (CA) to verify peer certificates. |
array of string | |
| trust_crl_paths | Certificate revocation list (CRL) paths List of policy paths referencing certificate revocation list (CRL) to peer certificates. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnRule (schema)
IPSec VPN Rule
For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy’s match criteria.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action to be applied PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules. |
string | Readonly Enum: PROTECT, BYPASS Default: "PROTECT" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destinations | Destination list List of IPv4 or IPv6 peer subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 peer subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of IPSecVpnSubnet | Maximum items: 256 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enabled flag A flag to enable/disable the rule. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| logged | Logging flag A flag to enable/disable the logging for the rule. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnRule | string | |
| sequence_number | Sequence number of the IPSecVpnRule A sequence number is used to give a priority to an IPSecVpnRule. |
int | Minimum: 0 |
| sources | Source list List of IPv4 or IPv6 local subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 local subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of IPSecVpnSubnet | Maximum items: 256 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnService (schema)
IPSec VPN service
Create and manage IPSec VPN service under tier-0/tier-1.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bypass_rules | Bypass Policy rules Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session. |
array of IPSecVpnRule | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable virtual private network (VPN) service If true, enable VPN services under tier-0/tier-1. |
boolean | Default: "True" |
| ha_sync | Flag to enable IPSec HA State Sync Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_log_level | Internet key exchange (IKE) log level Log level for internet key exchange (IKE). |
string | Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnService | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnSession (schema)
IPSec VPN session
VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized.
This is an abstract type. Concrete child types:
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authentication_mode | Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| compliance_suite | Compliance suite Compliance suite. |
string | Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_path | Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. |
string | |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_profile_path | Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile. |
string | |
| local_endpoint_path | Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| peer_address | IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
IPAddress | |
| peer_id | Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. |
secure_string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnSession | IPSecVpnSessionResourceType | Required |
| site_overrides | SiteOverride list A collection of site specific attributes specificed only on GM |
array of SiteOverride | Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. |
TcpMaximumSegmentSizeClamping | |
| tunnel_profile_path | IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnSessionResourceType (schema)
Resource types of IPsec VPN session
A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnSessionResourceType | Resource types of IPsec VPN session A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. |
string | Enum: PolicyBasedIPSecVpnSession, RouteBasedIPSecVpnSession |
IPSecVpnSubnet (schema)
Subnet for IPSec Policy based VPN
Used to specify the local/peer subnets in IPSec VPN rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| subnet | IPv4/IPv6 Peer or local subnet Subnet used in policy rule. |
IPCIDRBlock | Required |
IPSecVpnTunnelInterface (schema)
IP tunnel interface configuration
IP tunnel interface configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_subnets | IP Tunnel interface subnet IP Tunnel interface (commonly referred as VTI) subnet. Supports assigning both IPv4 and IPV6 subnets to VTI. If two IPs are provided for VTI, both cannot be of same IP versions. Please note that configuring IPv6 subnets to VTI is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of TunnelInterfaceIPSubnet | Required Minimum items: 1 Maximum items: 2 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnTunnelInterface | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnTunnelProfile (schema)
IPSec VPN tunnel profile
IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| df_policy | Policy for handling defragmentation bit Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet. |
string | Enum: COPY, CLEAR Default: "COPY" |
| dh_groups | Dh group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. |
array of DhGroup | |
| digest_algorithms | Algorithm for message hash Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128". |
array of IPSecDigestAlgorithm | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_perfect_forward_secrecy | Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled. |
boolean | Default: "True" |
| encryption_algorithms | Encryption algorithm to use in IPSec tunnel establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. |
array of IPSecEncryptionAlgorithm | |
| extended_attributes | Extended Attributes. Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol. |
array of AttributeVal | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnTunnelProfile | string | |
| sa_life_time | Security association (SA) life time SA life time specifies the expiry time of security association. Default is 3600 seconds. |
integer | Minimum: 900 Maximum: 31536000 Default: "3600" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSubnet (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP Addresses All IP addresses, some of which may be automatically configured. When updating this field, the payload may contain only the IP addresses that should be changed, or may contain the IP addresses to change as well as the automatically assigned addresses. Currently, only one updatable address and one system-maintained address are supported. Currently, the system-maintained address supported is Extended Unique Identifier(EUI)-64 address. EUI-64 address is generated by the system only when user configured ip-subnet has prefix length less than or equal to 64. |
array of IPAddress | Required Minimum items: 1 Maximum items: 2 |
| prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 128 |
IPv4Address (schema)
IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv4Address | IPv4 address | string | Format: ipv4 |
IPv4AddressProperties (schema)
IPv4 address properties
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Interface IPv4 address | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| netmask | Interface netmask | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
IPv4CIDRBlock (schema)
IPv4 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv4CIDRBlock | IPv4 CIDR Block | string | Format: ipv4-cidr-block |
IPv4DiscoveryOptions (schema)
IPv4 discovery options
Contains IPv4 related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_snooping_config | ARP snooping configuration Indicates ARP snooping options |
ArpSnoopingConfig | |
| dhcp_snooping_enabled | Is DHCP snooping enabled or not Indicates whether DHCP snooping is enabled |
boolean | Default: "True" |
| vmtools_enabled | Is VM tools enabled or not Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. |
boolean | Default: "True" |
IPv6Address (schema)
IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv6Address | IPv6 address | string | Format: ipv6 |
IPv6AddressProperties (schema)
IPv6 address properties
| Name | Description | Type | Notes |
|---|---|---|---|
| ip6_address | Interface IPv6 address | string | Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| ip6_gateway | IPv6 Gateway | string | Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| prefixlen | Prefix length | integer |
IPv6CIDRBlock (schema)
IPv6 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv6CIDRBlock | IPv6 CIDR Block | string | Format: ipv6-cidr-block |
IPv6DADStatus (schema)
IPv6 DAD status
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address IP address on the port for which DAD status is reported. |
IPAddress | Readonly |
| status | DAD Status DAD status for IP address on the port. |
DADStatus | Readonly |
| transport_node | Transport node Array of transport node id on which DAD status is reported for given IP address. |
array of ResourceReference | Readonly |
IPv6DiscoveryOptions (schema)
IPv6 discovery options
Contains IPv6 related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| dhcp_snooping_v6_enabled | Is DHCP snoping v6 enabled or not Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time. |
boolean | Default: "False" |
| nd_snooping_config | ND snooping configuration Indicates ND snooping options |
NdSnoopingConfig | |
| vmtools_v6_enabled | Enable this method will learn the IPv6 addresses which are
configured on interfaces of a VM with the help of the VMTools software. |
boolean | Default: "False" |
IPv6Status (schema)
IPv6 status
| Name | Description | Type | Notes |
|---|---|---|---|
| connected_segment_path | Connected segment path Path of the segment attached to the interface. |
string | Readonly |
| dad_statuses | IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface. |
array of IPv6DADStatus | Readonly |
| interface_id | Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned. |
string | |
| tier0_gateway | Tier-0 Gateway Tier-0 Gateway this router Link belongs to. |
string | |
| tier1_gateway | Tier-1 Gateway Tier-1 Gateway this router Link belongs to. |
string |
IcmpEchoRequestHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| id | ICMP id | integer | Minimum: 0 Maximum: 65535 Default: "0" |
| sequence | ICMP sequence number | integer | Minimum: 0 Maximum: 65535 Default: "0" |
Icon (schema)
Icon
Icon to be applied at dashboard for widgets and UI elements.
| Name | Description | Type | Notes |
|---|---|---|---|
| color | Icon color applied to icon in hex format Icon color applied to icon in hex format. |
string | |
| placement | Position at which to display icon, if any If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element. |
string | Enum: PRE, POST Default: "PRE" |
| size | Icon size in unit Icon size in unit applied to icon.A unit can be specified by the 'size_unit' property. |
number | Minimum: 1 |
| size_unit | Icon size unit in rem/px/pc Icon size unit applied to icon along with size. if 'size' property value is provided and no value is provided for this property then default value for this proerty is set to 'px'. |
string | Enum: px, rem, pc |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the icon. |
array of Tooltip | |
| type | Type of icon Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. or else custom svg icon name can be given. |
string |
IdentityFirewallAdStore (schema)
Active IdentityFirewallStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| base_distinguished_name | IdentityFirewallStore base distinguished name Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. |
string | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| event_log_servers | Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on. |
array of IdentityFirewallStoreEventLogServer | Readonly Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on. |
array of IdentityFirewallStoreLdapServer | Required Maximum items: 50 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| name | IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains. |
string | Required |
| netbios_name | IdentityFirewallStore NETBIOS name NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case. |
string | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallAdStore | string | Required Enum: IdentityFirewallAdStore |
| selective_sync_settings | SelectiveSync settings SelectiveSync settings toggle the SelectiveSync feature and selected OrgUnits. If this is not specified, SelectiveSync is disabled by default. |
SelectiveSyncSettings | |
| sync_settings | IdentityFirewallStore sync settings Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object. |
DirectoryDomainSyncSettings | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityFirewallStore (schema)
IdentityFirewallStore
This is an abstract type. Concrete child types:
IdentityFirewallAdStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| event_log_servers | Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on. |
array of IdentityFirewallStoreEventLogServer | Readonly Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on. |
array of IdentityFirewallStoreLdapServer | Required Maximum items: 50 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| name | IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains. |
string | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStore | string | Required Enum: IdentityFirewallAdStore |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityFirewallStoreEventLogServer (schema)
Event log server of IdentityFirewallStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | IdentityFirewallStore name IdentityFirewallStore name which best describes the IdentityFirewallStore. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores. |
string | |
| host | Event log server host name Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching. |
string | Required Format: hostname-or-ip |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | Event log server password IdentityFirewallStore event log server connection password. |
secure_string | |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStoreEventLogServer | string | |
| status | Event log server connection status Event log server connection status object |
DirectoryEventLogServerStatus | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| username | Event log server username Directory event log server connection user name. |
string |
IdentityFirewallStoreLdapServer (schema)
LDAP server of directory domain
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | IdentityFirewallStore name IdentityFirewallStore name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores. |
string | |
| host | LDAP server host name IdentityFirewallStore LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization. |
string | Required Format: hostname-or-ip |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | LDAP server password IdentityFirewallStore LDAP server connection password. |
secure_string | |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port | LDAP server TCP/UDP port IdentityFirewallStore LDAP server connection TCP/UDP port. |
integer | Default: "389" |
| protocol | LDAP server protocol IdentityFirewallStore LDAP server connection protocol which is either LDAP or LDAPS. |
string | Enum: LDAP, LDAPS Default: "LDAP" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStoreLdapServer | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| thumbprint | LDAP server certificate thumbprint using SHA-256 algorithm IdentityFirewallStore LDAP server certificate thumbprint used in secure LDAPS connection. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| username | LDAP server username IdentityFirewallStore LDAP server connection user name. |
string |
IdentityGroupAssociationRequestParams (schema)
List request parameters containing Identity Group external ID and enforcement point path
List request parameters containing Identity Group external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| identity_group_external_id | Identity Group external ID | string | Required |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IdentityGroupExpression (schema)
IdentityGroup expression node
Represents a list of identity group (Ad group SID) expressions.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| identity_groups | Array of identity group This array consists of set of identity group object. All members within this array are implicitly OR'ed together. |
array of IdentityGroupInfo | Required Minimum items: 1 Maximum items: 500 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityGroupExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityGroupInfo (schema)
Identity (Directory) group
| Name | Description | Type | Notes |
|---|---|---|---|
| distinguished_name | LDAP distinguished name Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server. |
string | Required |
| domain_base_distinguished_name | Identity (Directory) domain base distinguished name This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. |
string | Required |
| sid | Identity (Directory) Group SID (security identifier) A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store. |
string |
IdentitySourceLdapServer (schema)
An LDAP server
Information about a single LDAP server.
| Name | Description | Type | Notes |
|---|---|---|---|
| bind_identity | Username or DN for LDAP authentication A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. [email protected]) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com). |
string | |
| certificates | TLS certificate(s) for LDAP server(s) If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case. |
array of string | |
| enabled | If true, this LDAP server is enabled Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users. |
boolean | Default: "True" |
| password | Username for LDAP authentication A password used when authenticating to the directory. |
secure_string | |
| url | The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. |
string | Required |
| use_starttls | Enable/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. |
boolean | Default: "False" |
IdentitySourceLdapServerEndpoint (schema)
An LDAP server endpoint
Information about a single LDAP server endpoint.
| Name | Description | Type | Notes |
|---|---|---|---|
| url | The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. |
string | Required |
| use_starttls | Eanble/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. |
boolean | Default: "False" |
IdentitySourceLdapServerProbeResult (schema)
Results from one LDAP server probe
The results of probing an individual LDAP server.
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | Error details Detail about errors encountered during the probe. |
array of LdapProbeError | |
| result | Overall result Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property. |
string | Enum: SUCCESS, FAILURE |
| url | LDAP Server URL THe URL of the probed LDAP host. |
string |
IdsClusterConfig (schema)
Intrusion Detection System cluster configuration
IDS configuration to activate/deactivate IDS on cluster level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cluster | PolicyResourceReference Contains policy resource reference object |
PolicyResourceReference | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_enabled | Ids enabled flag If set to true, IDS is enabled on the respective cluster |
boolean | Required |
| is_stale | Cluster stale flag If set to true, this cluster has been deleted from NSX. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsClusterConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsGatewayPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Gateway Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsGatewayPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsGlobalEventConfig (schema)
Intrusion Detection System global event configuration
Represents IDS event publishing configuration for NSX-I and NDR.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_data_topic_name | kafka topic into which to publish IDS events. | string | Default: "ids_data" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| publish_ids_events | A flag to indicate if IDS events need to be sent to kafka When this flag is set to true, IDS events will be sent to kafka, for consumption by components such as NSX-I and NDR. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsGlobalEventConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsPcapConfig (schema)
IDPS Pcap configuration
Pcap Configuration for IdsProfile.
| Name | Description | Type | Notes |
|---|---|---|---|
| pcap_byte_count | IDPS Byte capture count. Determine how many bytes will be captured. |
int | Minimum: 1524 Maximum: 65536 Default: "10000" |
| pcap_enabled | A flag to activate/deactivate pcap for IDPS Profile. Flag which determines whether packet capturing is enabled or not. |
boolean | Default: "False" |
| pcap_packet_count | IDPS Packet capture count. Determine how many packets will be captured. |
int | Minimum: 1 Maximum: 15 Default: "5" |
IdsPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfile (schema)
Intrusion Detection System Profile
IDS Profile which contains the signatures and will be used in IDS rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| criteria | Filtering criteria of IDS Profile Represents the filtering criteria for the IDS Profile. 1. A non-empty criteria list, must be of odd size. In a list, with indices starting from 0, all IdsProfileFilterCriteria must be at even indices, separated by the IdsProfileConjunctionOperator AND at odd indices. 2. There may be at most 7 IdsProfileCriteria objects inside a list. |
array of IdsProfileCriteria (Abstract type: pass one of the following concrete types) IdsProfileConjunctionOperator IdsProfileFilterCriteria |
Maximum items: 7 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| overridden_signatures | Represents the signatures that is overridden for the Profile Represents the signatures that has been overridden for this Profile. |
array of IdsProfileLocalSignature | |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pcap_config | Represents pcap configuration Tells about the Pcap configuration for a IDS Profile. Only supported on Local Manager. |
IdsPcapConfig | |
| profile_severity | IDS Profile severity Represents the severities of signatures which are part of this profile. |
array of ProfileSeverity | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfile | string | |
| severities | IDS Profile severity Represents the severities of signatures which are part of this profile. |
array of IdsProfileSeverity | Deprecated |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfileConjunctionOperator (schema)
Represents the operator AND
Represents the operator AND.
| Name | Description | Type | Notes |
|---|---|---|---|
| operator | IDS Profile Filter Condition | string | Required Enum: AND |
| resource_type | Must be set to the value IdsProfileConjunctionOperator | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileCriteria (schema)
Base class for IDS Profile criteria
All the filtering criteria objects extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
IdsProfileConjunctionOperator
IdsProfileFilterCriteria
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileFilterCriteria (schema)
IDS Profile filter criteria
Represents the filtering criteria of a IDS Profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| filter_name | Represents the filter name Represents the filter for IDS Profile. |
string | Required Enum: CVSS, ATTACK_TARGET, ATTACK_TYPE, PRODUCT_AFFECTED |
| filter_value | Represents the value of selected filter name Represents the value of selected filter name. Note : The supported values for filter name CVSS are NONE, LOW, MEDIUM, HIGH, CRITICAL. NONE means CVSS score as 0.0 LOW means CVSS score as 0.1-3.9 MEDIUM means CVSS score as 4.0-6.9 HIGH means CVSS score as 7.0-8.9 CRITICAL means CVSS score as 9.0-10.0 |
array of string | Required |
| resource_type | Must be set to the value IdsProfileFilterCriteria | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileLocalSignature (schema)
IDS Profile local signature
IDS Profile local signature.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action. |
string | Enum: ALERT, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Flag to Activate/Deactivate a IDS Signature globally. Flag through which user can Activate/Deactivate a Signature at Global Level. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfileLocalSignature | string | |
| signature_id | Signature ID Represents the Signature's id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfileSeverity (schema)
Intrusion Detection System Profile severity
Intrusion Detection System Profile severity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ignore_signatures | Represents the signatures that will be ignored Contains the id of signatures that will be ignored as part of the profile. This field is deprecated, please use ignore_signatures field under IdsProfile to ignore the signatures. |
array of string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfileSeverity | string | |
| severity | Severity of profile Represents the severity of a profile. |
string | Required Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsRule (schema)
A rule specifies the IDS security policy rule between the workload groups
Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied. |
string | Enum: DETECT, DETECT_PREVENT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to deactivate the rule Flag to deactivate the rule. Default is activated. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_profiles | IDS profiles collections of IDS or Anti-Malware profiles. At Max 1 each Profile will be supported. |
array of string | Minimum items: 1 Maximum items: 2 |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| oversubscription | Rule-level selection for oversubscription behavior Following are the choices for oversubscription configuration at the rule-level. INHERIT_GLOBAL: Inherit the behavior from the global settings BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped |
Oversubscription | Default: "INHERIT_GLOBAL" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSecurityPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Security Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSecurityPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSettings (schema)
Intrusion Detection System settings
Represents the Intrusion Detection System settings.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_update | Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_events_to_syslog | Flag to send IDS events to syslog server. Flag to send IDS events to syslog server. |
boolean | Default: "False" |
| ids_ever_enabled | Flag which tells whether IDS was ever enabled. Flag which tells whether IDS was ever enabled. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| oversubscription | Global toggle for whether the IDS oversubscribed packets need to be bypassed or dropped Following are the choices for oversubscription configuration at the global level. BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped |
Oversubscription | Default: "BYPASSED" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSettings | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSignature (schema)
Intrusion Detection System Signature
Intrusion Detection System Signature .
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Represents the signature's action Signature action. |
string | |
| attack_target | Signature attack target Target of the signature. |
string | |
| categories | IDS Signature Internal category Represents the internal categories a signature belongs to. |
array of IdsSignatureInternalCategory | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| class_type | Signature class type Class type of Signature. |
string | |
| confidence | Confidence Signature's confidence score. |
string | |
| cves | Represents the cve score. CVE score |
array of string | |
| cvss | CVSS of signature Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. NONE means cvssv3/cvssv2 score as 0.0 LOW means cvssv3/cvssv2 score as 0.1-3.9 MEDIUM means cvssv3/cvssv2 score as 4.0-6.9 HIGH means cvssv3/cvssv2 score as 7.0-8.9 CRITICAL means cvssv3/cvssv2 score as 9.0-10.0 |
string | Enum: NONE, LOW, MEDIUM, HIGH, CRITICAL |
| cvss_score | Signature CVSS score Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. If cvssv3 exists, then this is the cvssv3 score, else it is the cvssv2 score. |
string | |
| cvssv2 | Signature cvssv2 score Signature cvssv2 score. |
string | |
| cvssv3 | Signature cvssv3 score Signature cvssv3 score. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| direction | Direction Source-destination direction. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Activate/Deactivate flag Flag which tells whether the signature is enabled or not. |
boolean | |
| flow | Flow established. Flow established from server, from client etc. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| impact | Impact Impact of Signature. |
string | |
| malware_family | Malware Family Family of the malware tracked in the signature. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mitre_attack | MitreAttack Mitre Attack details of Signature. |
array of MitreAttack | |
| name | Represents the signature name Signature name. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| performance_impact | Performance impact Performance impact of the signature. |
string | |
| policy | Policy Signature policy. |
array of string | |
| product_affected | Signature product affected Product affected by this signature. |
string | |
| protocol | Protocol Protocol used in the packet analysis. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignature | string | |
| risk_score | Risk Score Risk score of signature. |
string | |
| severity | Signature severity Represents the severity of the Signature. |
string | |
| signature | Signature Decoded Signature. |
string | |
| signature_id | Signature ID Represents the Signature's id. |
string | |
| signature_revision | Signature revision Represents revision of the Signature. |
string | |
| signature_severity | Signature severity Signature vendor set severity of the signature rule. |
string | |
| tag | Signature tag Vendor assigned classification tag. |
array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type Signature type. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| urls | List of mitre attack URLs pertaining to signature. List of mitre attack URLs pertaining to signature |
array of string |
IdsSignatureInternalCategory (schema)
IDS signature internal categories
Represents the internal categories.
APPLICATION : IDS signature having protocol comes under APPLICATION internal category.
MALWARE: IDS signature having malware_family comes under this internal category.
VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureInternalCategory | IDS signature internal categories Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category. |
string | Enum: APPLICATION, MALWARE, VULNERABILITY |
IdsSignatureStatus (schema)
Intrusion Detection System signature status
Ids signature status.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| download_status | IDS signature download status READY means signatures were downloaded and parsed successfully. PENDING means that signatures download is in progress. ERROR means error occurred during signature processing. DISABLED means IDS is deactivated. |
string | Readonly Enum: READY, PENDING, ERROR, DISABLED |
| failure_cause | Failure Cause If signature download fails then this will tell the failure cause. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignatureStatus | string | |
| signature_status | IDS signature status AVAILABLE means the signatures are available for the version. UNAVAILABLE means there are no available signatures for the version. |
string | Readonly Enum: AVAILABLE, UNAVAILABLE |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| version_id | Version Id Represents the version id. |
string | Readonly |
IdsSignatureVersion (schema)
Intrusion Detection System signature version
It represents the version information corresponding to which the
signatures will be available.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| change_log | Change log Represents the version's change log. |
string | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignatureVersion | string | |
| sites | Represents the Sites mapped with the Signature Version. Contains the path of sites that has been mapped with the Signature Version. |
array of string | |
| state | State of the Version This flag tells which Version is currently active. ACTIVE: It means the signatures under this version is currently been used under IDS Profiles. NOTACTIVE: It means signatures of this version are available but not being used in IDS Profiles. |
string | Readonly Enum: ACTIVE, NOTACTIVE |
| status | Status of the Version This flag tells the status of the signatures under a version. OUTDATED: It means the signatures under this version are outdated and new version is available. LATEST: It means the signatures of this version are up to date. |
string | Readonly Enum: OUTDATED, LATEST |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| update_time | IDS Signature Version update time Time when this version was downloaded and saved. |
EpochMsTimestamp | Readonly |
| user_uploaded | User Uploaded Signature bundle flag Flag which tells whether the Signature version is uploaded by user or not. |
boolean | Readonly |
| version_id | Version Id Represents the version id. |
string | Readonly |
IdsStandaloneHostConfig (schema)
Intrusion Detection System configuration
IDS configuration to activate/deactivate IDS on standalone host level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_enabled | IDS enabled flag If set to true, IDS is enabled on standalone hosts. |
boolean | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsStandaloneHostConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IkeDigestAlgorithm (schema)
Digest Algorithms used in IKE negotiations
The IkeDigestAlgorithms are used to verify message
integrity during Ike negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| IkeDigestAlgorithm | Digest Algorithms used in IKE negotiations The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
IkeEncryptionAlgorithm (schema)
Encryption algorithms used in IKE
IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.
| Name | Description | Type | Notes |
|---|---|---|---|
| IkeEncryptionAlgorithm | Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys. |
string | Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
ImportRequestParameter (schema)
Import task request parameters
This holds the request parameters required to invoke the import task.
| Name | Description | Type | Notes |
|---|---|---|---|
| draft_description | Description to be set on the draft Description to be set on the draft, which will hold the imported configuration. |
string | |
| draft_display_name | Display name to be set on the draft Display name to be set on the draft, which will hold the imported configuration. |
string | Required Minimum length: 1 |
| file | File to be imported The file having stored firewall configuration. Only zip file will be accepted. |
multipart_file | Required |
| passphrase | Passphrase to verify imported files Passphrase to verify imported files. Passphrase needs to be same as provided earlier to export operation which generated these imported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character. |
secure_string | Required |
ImportTask (schema)
Import task information
This object holds the information of the import task.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| draft_path | Policy path of a draft Policy path of a draft in which the imported configuration gets stored after completion of import task. |
string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| failure_msg | Reason of the task failure This property holds the reason of the task failure, if any. |
string | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
IncludedFieldsParameters (schema)
A list of fields to include in query results
| Name | Description | Type | Notes |
|---|---|---|---|
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string |
Infra (schema)
Infra
Infra space related policy.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBfdProfile ChildCaBundle ChildConstraint ChildConstraintGlobalConfig ChildDhcpRelayConfig ChildDhcpServerConfig ChildDnsSecurityProfile ChildDomain ChildEvpnTenantConfig ChildFloodProtectionProfile ChildFullSyncState ChildGatewayQosProfile ChildGlobalManager ChildGlobalManagerConfig ChildIPDiscoveryProfile ChildIpv6DadProfile ChildIpv6NdraProfile ChildMacDiscoveryProfile ChildPolicyContextProfile ChildPolicyDnsForwarderZone ChildPolicyDraft ChildPolicyFirewallScheduler ChildPolicyFirewallSessionTimerProfile ChildPolicyLabel ChildPolicyLatencyStatProfile ChildPolicyTransportZoneProfile ChildQoSProfile ChildSegment ChildSegmentSecurityProfile ChildService ChildSite ChildSpan ChildSpoofGuardProfile ChildTier0 ChildTier1 ChildTlsCertificate ChildTlsCrl ChildTlsCsr ChildTraceflowConfig ChildVMTagReplicationPolicy |
|
| connectivity_strategy | Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domains | Domains for infra This field is used while creating or updating the infra space. |
array of Domain | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Infra | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
InfraSecurityConfig (schema)
NSX global configs for security purposes, like trust store and trust manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| ca_signed_only | A flag to indicate whether the server certs are only allowed to be ca-signed. When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled. |
boolean | |
| crl_checking_enabled | A flag to indicate whether the Java trust-managers check certificate revocation When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking. |
boolean | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| eku_checking_enabled | A flag to indicate whether the Extended Key Usage extension in the certificate is checked. When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates. |
boolean | |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value InfraSecurityConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
IngressBroadcastRateLimiter (schema)
A shaper that specifies ingress rate properties in kb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in kb/s | int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes | int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in kb/s | int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value IngressBroadcastRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
IngressRateLimiter (schema)
A shaper that specifies ingress rate properties in Mb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in Mb/s You can use the average bandwidth to reduce network congestion. |
int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes The burst duration is set in the burst size setting. |
int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in Mb/s The peak bandwidth rate is used to support burst traffic. |
int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value IngressRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
InitiateClusterRestoreRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address or FQDN of the node from which the backup was taken | string | Readonly Format: hostname-or-ip |
| node_id | Unique id of the backed-up configuration from which the appliance will be restored | string | Required Readonly |
| timestamp | Timestamp of the backed-up configuration from which the appliance will be restored | EpochMsTimestamp | Required Readonly |
Injection (schema)
Injection
Injection holding a key and a corresponding value.
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key Injection key. |
string | Required |
| value | Value Injection value. |
InjectionValue (Abstract type: pass one of the following concrete types) UnaryOperationBasedInjectionValue |
Required |
InjectionValue (schema)
Injection Value
Injection Value.
This is an abstract type. Concrete child types:
UnaryOperationBasedInjectionValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Injection Value resource type. |
string | Required Enum: UnaryOperationBasedInjectionValue |
InstallUpgradeServiceProperties (schema)
install-upgrade service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | True if service enabled; otherwise, false | boolean | Required |
| enabled_on | IP of manager on which install-upgrade is enabled | string | Readonly |
InstructionInfo (schema)
Details of the instructions displayed during restore process
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Actions list A list of actions that are to be applied to resources |
array of string | Required Readonly |
| fields | Displayable fields A list of fields that are displayable to users in a table |
array of string | Required Readonly |
| id | UUID of the instruction | string | Required Readonly |
| name | Instruction name | string | Required Readonly |
IntegerArrayConstraintValue (schema)
Array of Integer Values to perform operation
List of values
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value IntegerArrayConstraintValue | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
| values | Array of Integer Array of integer values |
array of int | Required Minimum items: 1 Maximum items: 100 |
IntentEnforcementPointListRequestParams (schema)
List request parameters containing intent path and enforcement point path
List request parameters containing intent path and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| intent_path | String path of the intent object | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IntentPathRequestParameter (schema)
Parameter to filter realized entities by intent path
Intent path for which state/realized entities would be fetched.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F |
string | Required |
| site_path | Policy Path of the site Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
IntentRuntimeRequestParameters (schema)
Request Parameters for Intent Runtime Information
Request parameters that represents a an intent path.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | Policy Path of the intent object Policy Path referencing an intent object. |
string | Required |
| site_path | Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
IntentStatusRequestParameters (schema)
Request Parameters for Intent Status Information
Request parameters that represents a binding between an intent path and whether the
enforcement point specific status shall be retrieved from the enforcement point or
not. A request can be parameterized with this pair and will be evaluated as follows:
- <intent_path>: the request is evaluated on all enforcement points for the given
intent with no enforced statuses' details returned.
- <intent_path, include_enforced_status=true>: the request is evaluated on all
enforcement points for the given intent with enforced statuses' details returned.
| Name | Description | Type | Notes |
|---|---|---|---|
| include_enforced_status | Include Enforced Status Flag Flag conveying whether to include detailed view of the enforcement point specific status or not. |
boolean | Default: "False" |
| intent_path | Policy Path of the intent object Policy Path referencing an intent object. |
string | Required |
| site_path | Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
InterSitePortCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| blocked_packets | The number of blocked packets The total number of packets blocked. |
integer | |
| dad_dropped_packets | The number of duplicate address detected packets dropped Number of duplicate address detected packets dropped. |
integer | |
| destination_unsupported_dropped_packets | The number of destination unsupported packets dropped Number of packtes dropped as destination is not supported. |
integer | |
| dropped_packets | The number of dropped packets The total number of packets dropped. |
integer | |
| firewall_dropped_packets | The number of firewall packets dropped Number of firewall packets dropped. |
integer | |
| frag_needed_dropped_packets | The number of fragmentation needed packets dropped Number of fragmentation needed packets dropped. |
integer | |
| ipsec_dropped_packets | The number of IPSec packets dropped Number of IPSec packets dropped |
integer | |
| ipsec_no_sa_dropped_packets | The number of IPSec no security association packets dropped Number of IPSec no security association packets dropped. |
integer | |
| ipsec_no_vti_dropped_packets | The number of IPSec no VTI packets dropped Number of IPSec packets dropped as no VTI is present. |
integer | |
| ipsec_pol_block_dropped_packets | The number of IPSec policy block packets dropped Number of IPSec policy block packets dropped. |
integer | |
| ipsec_pol_err_dropped_packets | The number of IPSec policy error packets dropped Number of IPSec policy error packets dropped. |
integer | |
| ipv6_dropped_packets | The number of IPV6 packets dropped Number of IPV6 packets dropped. |
integer | |
| kni_dropped_packets | The number of kernal NIC interface packets dropped Number of DPDK kernal NIC interface packets dropped. |
integer | |
| l4port_unsupported_dropped_packets | The number of L4 port unsupported packets dropped Number of packets dropped due to unsupported L4 port. |
integer | |
| malformed_dropped_packets | The number of malformed packets dropped Number of packtes dropped as they are malformed. |
integer | |
| no_arp_dropped_packets | The number of no ARP packets dropped Number of no ARP packets dropped. |
integer | |
| no_linked_dropped_packets | The number of no linked packets dropped Number of packets dropped as no linked ports are present. |
integer | |
| no_mem_dropped_packets | The number of no memory packets dropped Number of packets dropped due to insufficient memory. |
integer | |
| no_receiver_dropped_packets | The number of no receiver packets dropped Number of packets dropped due to absence of receiver. |
integer | |
| no_route_dropped_packets | The number of no route packets dropped | integer | |
| non_ip_dropped_packets | The number of non IP packets dropped Number of non IP packets dropped. |
integer | |
| proto_unsupported_dropped_packets | The number of protocol unsupported packets dropped Number of packets dropped as protocol is unsupported. |
integer | |
| redirect_dropped_packets | The number of redirect packets dropped Number of redirect packets dropped. |
integer | |
| rpf_check_dropped_packets | The number of reverse-path forwarding check packets dropped Number of reverse-path forwarding check packets dropped. |
integer | |
| service_insert_dropped_packets | The number of service insert packets dropped Number of service insert packets dropped. |
integer | |
| total_bytes | The total number of bytes The total number of bytes transferred. |
integer | |
| total_packets | The total number of packets The total number of packets transferred. |
integer | |
| ttl_exceeded_dropped_packets | The number of time to live exceeded packets dropped Number of time to live exceeded packets dropped. |
integer |
InterVrfRouteAdvertisementTypes (schema)
Inter-vrf route advertisement types
Inter-vrf route advertisement types.
TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute TIER0 connected subnets.
TIER0_NAT: Redistribute NAT IPs owned by TIER0.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0.
TIER1_STATIC: Redistribute user added static routes.
TIER1_CONNECTED: Redistribute Tier1 connected subnets.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.
| Name | Description | Type | Notes |
|---|---|---|---|
| InterVrfRouteAdvertisementTypes | Inter-vrf route advertisement types Inter-vrf route advertisement types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute TIER0 connected subnets. TIER0_NAT: Redistribute NAT IPs owned by TIER0. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0. TIER1_STATIC: Redistribute user added static routes. TIER1_CONNECTED: Redistribute Tier1 connected subnets. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. |
string | Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_NAT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_ENDPOINT, TIER1_STATIC, TIER1_CONNECTED, TIER1_LB_SNAT, TIER1_LB_VIP, TIER1_NAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT |
InterfaceArpCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | The IP address | IPAddress | Required |
| mac_address | The MAC address | string | Required |
InterfaceArpEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | The IP address | IPAddress | Required |
| mac_address | The MAC address | string | Required |
InterfaceArpProxy (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| arp_proxy_entries | Array of ARP proxy table entries | array of PolicyArpProxyEntry | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| interface_path | Policy path of gateway interface | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
InterfaceArpProxyCsvEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_proxy_ip | ARP proxy service addresses ARP proxy information for a service with ip. |
string | Readonly |
| interface_path | Policy path of gateway interface | string | Readonly |
| service_id | Service type id Identifier of connected service on port. |
string | Readonly |
InterfaceArpTable (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| edge_path | Policy path of edge node Policy path of edge node. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. |
string | |
| interface_path | The ID of the logical router port | string | Required |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of InterfaceArpEntry | ||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
InterfaceArpTableInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of InterfaceArpCsvRecord |
InterfaceDADState (schema)
Interface DAD status
Duplicate address detection status on the interface.
| Name | Description | Type | Notes |
|---|---|---|---|
| dad_statuses | IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface. |
array of InterfaceIPv6DADStatus | Readonly |
| interface_path | Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned. |
string | Readonly |
InterfaceIPv6DADStatus (schema)
IPv6 DAD status for Interface
Duplicate address detection status for IP address on the interface.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_paths | Edge node paths Array of edge nodes on which DAD status is reported for given IP address. |
array of string | Readonly |
| ip_address | IP address IP address on the port for which DAD status is reported. |
IPAddress | Readonly |
| status | DAD Status DAD status for IP address on the port. |
DADStatus | Readonly |
InterfaceSubnet (schema)
Subnet specification for interface connectivity
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP addresses assigned to interface | array of IPAddress | Required |
| prefix_len | Subnet prefix length | int | Required Minimum: 1 Maximum: 128 |
IntersiteGatewayConfig (schema)
Intersite gateway configuration
Intersite gateway configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| fallback_sites | Fallback sites Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery. |
array of string | |
| intersite_transit_subnet | Transit subnet in CIDR format IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. |
string | Default: "169.254.32.0/20" Format: ip-cidr-block |
| last_admin_active_epoch | Epoch of last time admin changing active LocaleServices Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value. |
integer | Maximum: 4294967295 |
| primary_site_path | Primary egress site for gateway. Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services. |
string |
IntervalBackupSchedule (schema)
Schedule to specify the interval time at which automated backups need to be taken
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value IntervalBackupSchedule | string | Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule |
| seconds_between_backups | Time interval in seconds between two consecutive automated backups | integer | Minimum: 300 Maximum: 86400 Default: "3600" |
InvalidCertificateAction (schema)
Action for invalid certificates
If presented invalid certificates take this action.
| Name | Description | Type | Notes |
|---|---|---|---|
| InvalidCertificateAction | Action for invalid certificates If presented invalid certificates take this action. |
string | Readonly Enum: BLOCK, ALLOW |
InvalidConfigSummary (schema)
Invalid Configuration Summary
Invalid Configuration details for a category.
| Name | Description | Type | Notes |
|---|---|---|---|
| category | Configuration Category Configuration category representing resources not supported for the federation site configuration onboarding. |
string | Required Readonly |
| resource_count | Resource Count Total resource count for category |
integer | Required Readonly |
| resource_summary_details | Resource Summary List Represents list of resource summaries for a configuration category which are not supported for the federation site configuration onboarding. |
array of ResourceSummaryDetail | Required Readonly Maximum items: 10 |
IpAddressAllocation (schema)
Parameters for IP allocation
Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocated_ip | Represents IP Address that is allocated from a pool in a NSX+ instance. | IPAddress | Readonly |
| allocation_ip | Address that is allocated from pool | IPAddress | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressAllocation | string | |
| sync_realization | Synchronize realization Realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressBlock (schema)
IP address space represented by network address and prefix
A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| available_allocation_size | Current available size of an IpAddressBlock This size indicates available allocation size of an IpAddressBlock. Note: This field is deprecated. Please use below GET API instead. https://<policy-mgr>/policy/api/v1/infra/ip-blocks/Finance-block/usage |
string | Deprecated |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cidr | A contiguous IP address space represented by network address and prefix length Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR. |
string | Required Format: ip-cidr-block |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address_type | Type of IP address. This indicates the type of IP address. |
string | Readonly Enum: IPV4, IPV6 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressBlock | string | |
| sync_realization | Synchronize realization If this property is set to true, realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| visibility | Visibility of IpAddressBlock Represents visibility or scope of IpAddressBlock and expected consumption of IpAddressBlock with same scope. It is empty by default. Visibility cannot be updated once block is associated with other intents. If visibility is populated then sync_realization will be true. |
string | Enum: PRIVATE, EXTERNAL |
IpAddressInfo (schema)
Ipaddress information of the fabric node.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP Addresses of the the virtual network interface, as discovered in the source. | array of IPAddress | Required Readonly |
| source | Source of the ipaddress information. | string | Required Readonly Enum: VM_TOOLS |
IpAddressPool (schema)
A collection of IP subnets
IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| check_overlap_with_existing_pools | Whether to perform overlap check with existing IpAddressPools while realization. If an existing IpAddressPool is found that overlaps with the given IpAddressPool, then a validation error would be thrown while realization. It is false by default. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address_type | Type of IP Address. Represents the type of IP addresses present inside the pool. |
string | Readonly Enum: IPV4, IPV6, DUAL |
| ip_release_delay | IP address release delay in milliseconds Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins). |
integer | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_usage | IpAddressPool usage statistics Shows Pool statistics like total IPs, allocated IPs, requested IP allocations and available IPs of an IpAddressPool. |
PolicyPoolUsage | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPool | string | |
| sync_realization | Synchronize realization Realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| visibility | Visibility of IpAddressPool Represents visibility or scope of IpAddressPool and expected consumption of IpAddressPool with same scope. Visibility cannot be updated once pool is created. It is empty by default. |
string | Enum: PRIVATE, PUBLIC |
IpAddressPoolBlockSubnet (schema)
IpAddressPoolSubnet dynamically carved out of a IpAddressBlock
This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP address space is available in the specified IpAddressBlock, the system automatically configures subnet range. IpAddressBlock available size is calculated based on the size of IpAddressPoolBlockSubnet intent object and not on realized. The user should delete failed IpAddressPoolBlockSubnet to utilize IpAddressBlock size correctly.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocation_range | Range used for allocation/release of IPs from subnet. Allocation range is used to limit subnet range to be used for allocations of IPs from subnet. This must be less than or equal to subnet size. Instead of taking whole subnet range for allocations, user can limit the range used for allocation of IPs. This is very useful in IPv6 case where big subnets needs to be carved out from IpAddressBlock but whole subnet range will not be needed for IP allocations. Eg: subnet range is (2002:2345::0001-2002:2345::7fff:ffff): subnet_start_ip: 2002:2345::0001-2002:2345 subnet_end_ip: 2002:2345::7fff:ffff User would like to use only 128 IPs for allocations. allocation_range: 128 allocation range used (2002:2345::0001-2002:2345::7fff:007f): allocation_range_start_ip: 2002:2345::0001-2002:2345 allocation_range_end_ip: 2002:2345::7fff:007f |
integer | Minimum: 1 Maximum: 1048576 |
| auto_assign_gateway | Indicate whether default gateway is to be reserved from the range If this property is set to true, the first IP in the range will be reserved for gateway. |
boolean | Default: "True" |
| broadcast_address | Broadcast Address Represents Broadcast address of the subnet in a NSX+ instance. |
string | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cidr | A contiguous IP address space represented by network address and prefix length Represents network address and the prefix length in a NSX+ instance which will be associated with a layer-2 broadcast domain. |
string | Readonly Format: ip-cidr-block |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| gateway_address | Gateway Address Represents Gateway address of the subnet in a NSX+ instance. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| ip_block_path | The path of the IpAddressBlock from which the subnet is to be created. | string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| network_address | Network Address Represents Network address of the subnet in a NSX+ instance. |
string | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolBlockSubnet | IpAddressPoolSubnetType | Required |
| size | Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. Please use subnet_size instead as integer type cannot hold big values needs for IPv6. |
integer | Deprecated |
| start_ip | Represents start ip address of the subnet For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address. |
IPAddress | |
| subnet_size | Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. |
string | |
| sync_realization | Synchronize realization Realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolStaticSubnet (schema)
IpAddressPoolSubnet statically configured by a user
This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocation_ranges | A collection of IPv4 or IPv6 IP Pool Ranges. | array of IpPoolRange | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cidr | Subnet representation is a network address and prefix length | string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_nameservers | The collection of upto 3 DNS servers for the subnet. | array of IPAddress | Maximum items: 3 |
| dns_suffix | The DNS suffix for the DNS server. | string | Format: hostname |
| gateway_ip | The default gateway address on a layer-3 router. | IPAddress | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolStaticSubnet | IpAddressPoolSubnetType | Required |
| sync_realization | Synchronize realization Realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolSubnet (schema)
Abstract class for IpSubnet in a IpAddressPool
IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required.
This is an abstract type. Concrete child types:
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolSubnet | IpAddressPoolSubnetType | Required |
| sync_realization | Synchronize realization Realization of intent will be called synchronously |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolSubnetType (schema)
Type of IpAddressPoolSubnet
IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPoolSubnetType | Type of IpAddressPoolSubnet IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet |
string | Enum: IpAddressPoolBlockSubnet, IpAddressPoolStaticSubnet |
IpInfo (schema) (Deprecated)
Only support IP address or subnet. Its type can be of
IPv4 or IPv6. It will be converted to subnet when netmask
is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).
This type is deprecated. Please use the type NetworkInfo instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address or subnet The destination IP can be an IP address or a subnet. |
IPElement | |
| src_ip | The source IP address or subnet The source IP can be an IP address or a subnet. |
IPElement |
IpPoolRange (schema)
A set of IPv4 or IPv6 addresses defined by a start and end address.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| end | The end IP Address of the IP Range. | IPAddress | Required |
| start | The start IP Address of the IP Range. | IPAddress | Required |
Ipv4Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination ip address. | IPv4Address | |
| flags | IP flags | integer | Minimum: 0 Maximum: 8 Default: "0" |
| protocol | IP protocol - defaults to ICMP | integer | Minimum: 0 Maximum: 255 Default: "1" |
| src_ip | The source ip address. | IPv4Address | |
| src_subnet_prefix_len | source subnet prefix length. This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases. |
integer | Minimum: 1 Maximum: 32 |
| ttl | Time to live (ttl) | integer | Minimum: 0 Maximum: 255 Default: "64" |
Ipv6DadProfile (schema)
Duplicate address detection profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| dad_mode | DAD Mode | DADMode | Default: "LOOSE" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ns_retries | NS retries count Number of Neighbor solicitation packets generated before completing the Duplicate address detection process. |
integer | Minimum: 0 Maximum: 10 Default: "3" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Ipv6DadProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| wait_time | Wait time The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message. |
integer | Minimum: 0 Maximum: 60 Default: "1" |
Ipv6DadProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of Ipv6DadProfile | array of Ipv6DadProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Ipv6Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination ip address. | IPv6Address | |
| hop_limit | hop limit Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero. |
integer | Minimum: 0 Maximum: 255 Default: "64" |
| next_header | Identifies the type of header immediately following the IPv6 header. | integer | Minimum: 0 Maximum: 255 Default: "58" |
| src_ip | The source ip address. | IPv6Address |
Ipv6NdraProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_config | DNS Configurations | RaDNSConfig | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ndra_advertised_route | Route advertised in NDRAProfile.
|
array of NDRAAdvertisedRoute | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| ra_config | RA Configuration | RAConfig | Required |
| ra_mode | RA Mode | RAMode | Required Default: "SLAAC_DNS_THROUGH_RA" |
| reachable_timer | Reachable timer Neighbour reachable time duration in milliseconds. A value of 0 means unspecified. |
integer | Minimum: 0 Maximum: 3600000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Ipv6NdraProfile | string | |
| retransmit_interval | Retransmission interval The time, in milliseconds, between retransmitted neighbour solicitation messages. |
integer | Minimum: 0 Maximum: 4294967295 Default: "1000" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Ipv6NdraProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of Ipv6NdraProfile | array of Ipv6NdraProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
IssuerSerialNumber (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| issuer | Issuer Distinguished Name (DN) Issuer Distinguished Name of the revoked certificates. |
string | |
| serial_numbers | Certificate Serial Numbers List of Certificate Serial Numbers issued by the specified issuers. |
array of string |
KeySize (schema)
Crypto key size
| Name | Description | Type | Notes |
|---|---|---|---|
| KeySize | Crypto key size | integer |
KeyStoreInfo (schema)
KeyStoreInfo
Key Store information about the url alias or datasource.
| Name | Description | Type | Notes |
|---|---|---|---|
| keystore | A location of the keystore file A location of the keystor file which stores private key and identity certificates that will be presented to both parties (server or client) for verification. |
string | |
| keystore_alias | An alias is used to uniquely identifies the entry in keystore Its an alias specified when an entity is added to the keystore. |
string | |
| keystore_phrase | A location of the key store pass phrase file. A location of the key store pass phrase file. |
string | |
| truststore | A location of the trust store file. A location of the trust store file which stores the certificate from CA that verify the certificate presented by the server in SSL connection. |
string |
KeyValue (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key name. | string | Required |
| value | Key value. | string | Required |
KeyValuePair (schema)
An arbitrary key-value pair
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key | string | Required Maximum length: 255 |
| value | Value | string | Required Maximum length: 255 |
KnownHostParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Known host hostname or IP address | HostnameOrIPv4Address | Required |
| port | Known host port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
L2AutoRD (schema)
Layer 2 Auto assigned Route Distinguisher
| Name | Description | Type | Notes |
|---|---|---|---|
| l2_auto_rd | Layer 2 auto assigned route distinghusher | string | |
| l2_vni | Layer 2 Virtual Network Interface | string |
L2BridgeEndpointProfile (schema)
Layer 2 Bridge Endpoint Profile
Used to configure L2 Bridge endpoint profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_paths | List of path of Edge nodes List of policy paths to edge nodes. Edge allocation for L2 bridging. |
array of string | Minimum items: 1 Maximum items: 2 |
| failover_mode | Failover mode for the edge bridge cluster | string | Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "PREEMPTIVE" |
| ha_mode | High availability mode for the edge bridge cluster High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization. |
string | Enum: ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2BridgeEndpointProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2BridgeEndpointProfileListRequestParameters (schema)
Layer 2 bridge endpoint list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
L2BridgeEndpointProfileListResult (schema)
Paged Collection of L2BridgeEndpointProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | L2BridgeEndpointProfile list results | array of L2BridgeEndpointProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
L2Extension (schema)
Segment specific L2 VPN configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| l2vpn_path | Policy path of associated L2 VPN session This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used. |
string | Deprecated |
| l2vpn_paths | Policy paths of associated L2 VPN sessions Policy paths corresponding to the associated L2 VPN sessions |
array of string | |
| local_egress | Local Egress Local Egress. |
LocalEgress | |
| tunnel_id | Tunnel ID | int | Minimum: 1 Maximum: 4093 |
L2ForwarderRemoteMacsPerSite (schema) (Experimental)
| Name | Description | Type | Notes |
|---|---|---|---|
| remote_active_ips | Remote active IPs Remote active IP addresses. |
array of IPAddress | Readonly |
| remote_mac_addresses | Remote mac addresses Remote mac addresses. |
array of string | Readonly |
| remote_site | Remote site Remote site details. |
ResourceReference | Required Readonly |
| remote_standby_ips | Remote standby IPs Remote standby IP addresses. |
array of IPAddress | Readonly |
| rtep_group_id | RTEP group id of logical switch per site 32 bit unique RTEP group id of the logical switch per site. |
integer | Required Readonly |
L2ForwarderStatusPerNode (schema) (Experimental)
| Name | Description | Type | Notes |
|---|---|---|---|
| high_availability_status | Service router's HA status High Availability status of a service router on the edge node. |
string | Required Readonly Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN |
| transport_node | Transport node Edge node details from where the router status is being retrieved. |
ResourceReference | Required Readonly |
L2L3RuntimeRequestParameters (schema)
L2 L3 connectivity runtime status request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge should be member of enforcement point. |
string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned. |
DataSourceType | |
| stats_type | Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane. |
string | Enum: DATAPATH_STATS |
| transport_node_id | Transport Node Id Identifer of the transport node. This is a UUID. |
string |
L2TcpMaxSegmentSizeClamping (schema)
TCP MSS Clamping
TCP MSS Clamping Direction and Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| direction | Maximum Segment Size Clamping Direction Specifies the traffic direction for which to apply MSS Clamping. |
string | Enum: NONE, BOTH Default: "BOTH" |
| max_segment_size | Maximum Segment Size Value MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8852. |
integer | Minimum: 108 Maximum: 8860 |
L2VPNService (schema)
L2VPN Service
L2VPN Service defines if service running as server or client. It also
defines all the common properties for the multiple L2VPN Sessions
associated with this service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_hub | Enable spoke to spoke (client) forwarding via hub (server) This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint. |
boolean | Default: "False" |
| encap_ip_pool | IP Pool for Logical Taps IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap. |
array of IPv4CIDRBlock | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mode | L2VPN Service Mode Specify an L2VPN service mode as SERVER or CLIENT. |
string | Enum: SERVER, CLIENT Default: "SERVER" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VPNService | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VPNSession (schema)
L2VPN Session
Defines the tunnel local and peer addresses along with multiple
tansport tunnels for redundancy. L2VPNSession belongs to only one
L2VPNService.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L2VPN session Enable to extend all the associated segments. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VPNSession | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are Server mode only. |
L2TcpMaxSegmentSizeClamping | |
| transport_tunnels | List of transport tunnels List of transport tunnels for redundancy. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| tunnel_encapsulation | Tunnel encapsulation config Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData. |
L2VPNTunnelEncapsulation | Readonly |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VPNTunnelEncapsulation (schema)
L2VPN Tunnel Encapsulation
L2VPN tunnel encapsulation config.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_endpoint_address | IP Address of the tunnel port IP Address of the local tunnel port. This property only applies in CLIENT mode. |
IPv4Address | Readonly |
| peer_endpoint_address | IP Address of the peer tunnel port IP Address of the peer tunnel port. This property only applies in CLIENT mode. |
IPv4Address | Readonly |
| protocol | Encapsulation protocol Encapsulation protocol used by the tunnel. |
string | Readonly Enum: GRE Default: "GRE" |
L2Vpn (schema) (Deprecated)
L2 Virtual Private Network Configuration
Contains information necessary to configure L2Vpn.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L2Vpn Enable to extend all the associated segments. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2Vpn | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_tunnels | List of paths referencing transport tunnels List of paths referencing transport tunnels. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VpnContext (schema) (Deprecated)
L2Vpn Context
L2Vpn Context provides meta-data information about the parent Tier-0.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_hub | Enable to act as hub If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VpnContext | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3Vpn (schema) (Deprecated)
L3 Virtual Private Network Configuration
Contains information necessary to configure IPSec VPN.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dh_groups | DH group Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14. |
array of PolicyDHGroup | Maximum items: 1 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_perfect_forward_secrecy | Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled. |
boolean | Default: "True" |
| enabled | Enable L3Vpn Flag to enable L3Vpn. Default is enabled. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_digest_algorithms | Digest Algorithm for IKE Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. |
array of PolicyIKEDigestAlgorithm | Maximum items: 1 |
| ike_encryption_algorithms | Encryption algorithm for IKE Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128. |
array of PolicyIKEEncryptionAlgorithm | Maximum items: 1 |
| ike_version | IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. |
PolicyIKEVersion | Default: "IKE_V2" |
| l3vpn_session | L3Vpn Session | L3VpnSession (Abstract type: pass one of the following concrete types) PolicyBasedL3VpnSession RouteBasedL3VpnSession |
Required |
| local_address | IPv4 address of local gateway | IPv4Address | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| passphrases | List of IPSec pre-shared keys List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any. |
array of secure_string | Maximum items: 1 |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| remote_private_address | Identifier of the remote site This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address. |
string | |
| remote_public_address | Public IPv4 address of remote gateway | IPv4Address | Required |
| resource_type | Must be set to the value L3Vpn | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tunnel_digest_algorithms | Digest Algorithm for Tunnel Establishment Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty. |
array of PolicyTunnelDigestAlgorithm | Maximum items: 1 |
| tunnel_encryption_algorithms | Encryption algorithm for Tunnel Establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. |
array of PolicyTunnelEncryptionAlgorithm | Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnContext (schema) (Deprecated)
L3Vpn Context
L3Vpn Context provides the configuration context that different L3Vpns can consume.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| available_local_addresses | IPv4 addresses of the local gateway Local gateway IPv4 addresses available for configuration of each L3Vpn. |
array of PolicyIPAddressInfo | |
| bypass_rules | List of Bypass L3VpnRules Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules. |
array of L3VpnRule | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L3 Virtual Private Network (VPN) service If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_log_level | Internet key exchange (IKE) log level Log level for internet key exchange (IKE). |
string | Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO" |
| label | Policy path referencing Label Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L3VpnContext | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnRule (schema) (Deprecated)
L3Vpn Rule
For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used
for transit traffic that meets the rule's match criteria.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action to apply to the traffic transiting through the L3Vpn Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules. |
string | Enum: PROTECT, BYPASS Default: "PROTECT" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destinations | List of remote subnets List of remote subnets used in policy-based L3Vpn. |
array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L3VpnRule | string | |
| sequence_number | Sequence number of the L3VpnRule This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext. |
int | |
| sources | List of local subnets List of local subnets used in policy-based L3Vpn. |
array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnSession (schema) (Deprecated)
L3Vpn Session
Contains information about L3Vpn session.
This is an abstract type. Concrete child types:
PolicyBasedL3VpnSession
RouteBasedL3VpnSession
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | L3VpnSessionResourceType | Required |
L3VpnSessionResourceType (schema) (Deprecated)
Resource type of L3Vpn Session
- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnet needs to be defined. Tunnel is established for each pair of
local and remote subnet defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. IP Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3VpnSessionResourceType | Resource type of L3Vpn Session - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. |
string | Deprecated Enum: PolicyBasedL3VpnSession, RouteBasedL3VpnSession |
L3VpnSubnet (schema) (Deprecated)
Subnet used in L3Vpn Rule
Used to specify subnets in L3Vpn rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| subnet | Subnet Subnet used in L3Vpn Rule. |
IPv4CIDRBlock | Required |
L4PortSetServiceEntry (schema)
An ServiceEntry that represents TCP or UDP protocol
L4PortSet can be specified in comma separated notation of parts. Parts of a
L4PortSet includes single integer or range of port in hyphen notation.
Example of a PortSet: "22, 33-70, 44".
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_ports | Number of values should not exceed 15, ranges count as 2 values.
|
array of PortElement | Maximum items: 15 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| l4_protocol | string | Required Enum: TCP, UDP |
|
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L4PortSetServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| source_ports | Number of values should not exceed 15, ranges count as 2 values.
|
array of PortElement | Maximum items: 15 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L7AccessAttributes (schema)
Policy Attributes data holder
Supported Attribute Keys are APP_ID, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_source | Source of attribute value i.e whether system defined or custom value | string | Enum: SYSTEM, CUSTOM Default: "SYSTEM" |
| custom_url_partial_match | true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url |
boolean | |
| datatype | Datatype for attribute | string | Required Enum: STRING |
| description | Description for attribute value | string | |
| isALGType | Is the value ALG type Describes whether the APP_ID value is ALG type or not. |
boolean | |
| key | Key for attribute URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile |
string | Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL |
| metadata | Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future |
array of ContextProfileAttributesMetadata | |
| sub_attributes | Reference to sub attributes for the attribute | array of PolicySubAttributes | |
| value | Value for attribute key Multiple attribute values can be specified as elements of array. |
array of string | Required Minimum items: 1 |
L7AccessEntry (schema)
Policy L7 Access entry
An entity that encapsulates attributes like APP_ID, CUSTOM_URL, URL_CATEGORY, URL_REPUTATION.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | L7AccessEntryAction | Required | |
| attributes | Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. |
array of L7AccessAttributes | Required Maximum items: 1 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disabled | Flag to deactivate the entry Flag to deactivate the entry. Default is activated. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| logged | Enable logging flag Flag to activate packet logging. Default is deactivated. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L7AccessEntry | string | |
| sequence_number | Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. |
int | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L7AccessEntryAction (schema)
L7 acces profile entry action
The action to be applied to all the services.
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessEntryAction | L7 acces profile entry action The action to be applied to all the services. |
string | Required Enum: ALLOW, REJECT, REJECT_WITH_RESPONSE |
L7AccessProfile (schema)
Policy L7 Acces profile
An entity that encapsulates multiple L7 access profile entries.
The entity wil be consumed in firewall rules and can be added in new tuple called profile in
firewall rules. One of either Context Profile or L7 Access Profile can be used in firewall rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| default_action | L7AccessEntryAction | Required | |
| default_action_logged | Enable default logging flag Flag to activate packet logging. Default is deactivated. |
boolean | Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| entry_count | Entry count The count of entries in the L7 profile. |
int | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| l7_access_entries | Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile. |
array of L7AccessEntry | Maximum items: 1000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L7AccessProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBAccessListControl (schema)
IP access list control to filter the connections from clients
LBAccessListControl is used to define how IP access list control can filter
the connections from clients.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | IP access list control action ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed. |
string | Required Enum: ALLOW, DROP |
| enabled | Whether to enable access list control option The enabled flag indicates whether to enable access list control option. It is false by default. |
boolean | Default: "False" |
| group_path | Grouping object path The path of grouping object which defines the IP addresses or ranges to match the client IP. |
string | Required |
LBActiveMonitor (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBActiveMonitor | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBAppProfile (schema)
App profile
App profile.
This is an abstract type. Concrete child types:
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBAppProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBApplicationProfileType (schema)
Application profile type
An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LBFastTCPProfile,
LBFastUDPProfile and LBHttpProfile.
LBFastTCPProfile or LBFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LBHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LBHttpProfile is intended to
simplify enabling certain common use cases.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBApplicationProfileType | Application profile type An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases. LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated. |
string | Enum: LBHttpProfile, LBFastTcpProfile, LBFastUdpProfile |
LBClientCertificateIssuerDnCondition (schema) (Deprecated)
Match condition for client certficate issuer DN
Match condition for client certficate issuer DN.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for issuer DN comparing If true, case is significant when comparing issuer DN value. |
boolean | Default: "True" |
| issuer_dn | Value of issuer DN Value of issuer DN. |
string | Required |
| match_type | Match type of issuer DN Match type of issuer DN. |
LbRuleMatchType | Default: "REGEX" |
LBClientCertificateSubjectDnCondition (schema) (Deprecated)
Match condition for client certficate subject DN
Match condition for client certficate subject DN.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for subject DN comparing If true, case is significant when comparing subject DN value. |
boolean | Default: "True" |
| match_type | Match type of subject DN Match type of subject DN. |
LbRuleMatchType | Default: "REGEX" |
| subject_dn | Value of subject DN Value of subject DN. |
string | Required |
LBClientSslProfile (schema) (Deprecated)
Client SSL profile
Client SSL profile.
LBClientSslProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. |
SslCipherGroup | |
| ciphers | Supported SSL cipher list to client side Supported SSL cipher list to client side. |
array of SslCipher | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.. |
boolean | Readonly |
| is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| prefer_server_ciphers | Prefer server ciphers flag During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference. |
boolean | Default: "True" |
| protocols | Supported SSL protocol list to client side SSL versions TLS1.1 and TLS1.2 are supported and activated by default. SSLv2, SSLv3, and TLS1.0 are supported, but deactivated by default. |
array of SslProtocol | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBClientSslProfile | string | |
| session_cache_enabled | Session cache Activate or deactivate flag SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. |
boolean | Default: "True" |
| session_cache_timeout | SSL session cache timeout value Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. |
integer | Minimum: 1 Maximum: 86400 Default: "300" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBClientSslProfileBinding (schema) (Deprecated)
Client SSL profile binding
Client SSL profile binding.
LBClientSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_chain_depth | The maximum traversal depth of client certificate chain Authentication depth is used to set the verification depth in the client certificates chain. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| client_auth | Client authentication mode Client authentication mode. |
ClientAuthType | Default: "IGNORE" |
| client_auth_ca_paths | CA path list to verify client certificate If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. |
array of string | |
| client_auth_crl_paths | CRL path list to verify client certificate A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. |
array of string | |
| default_certificate_path | Default service certificate identifier A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. |
string | Required |
| sni_certificate_paths | SNI certificate path list Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. |
array of string | |
| ssl_profile_path | Client SSL profile path Client SSL profile defines reusable, application-independent client side SSL properties. |
string |
LBConnectionDropAction (schema) (Deprecated)
Action to drop connections
This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBConnectionDropAction | LBRuleActionType | Required |
LBCookiePersistenceProfile (schema) (Deprecated)
LBPersistenceProflie using Cookies for L7 LBVirtualServer
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBCookiePersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cookie_domain | Cookie domain HTTP cookie domain could be configured, only available for insert mode. |
string | |
| cookie_fallback | Cookie persistence fallback If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server. |
boolean | Default: "True" |
| cookie_garble | Cookie persistence garble If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. |
boolean | Default: "True" |
| cookie_httponly | Cookie httponly flag If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode. |
boolean | Default: "False" |
| cookie_mode | Cookie persistence mode Cookie persistence mode. |
CookiePersistenceModeType | Default: "INSERT" |
| cookie_name | Cookie name Cookie name. |
string | Default: "NSXLB" |
| cookie_path | Cookie path HTTP cookie path could be set, only available for insert mode. |
string | |
| cookie_secure | Cookie secure flag If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode. |
boolean | Default: "False" |
| cookie_time | Cookie time setting Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. |
LBCookieTime (Abstract type: pass one of the following concrete types) LBPersistenceCookieTime LBSessionCookieTime |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBCookiePersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBCookieTime (schema) (Deprecated)
Cookie time
Cookie time.
This is an abstract type. Concrete child types:
LBPersistenceCookieTime
LBSessionCookieTime
| Name | Description | Type | Notes |
|---|---|---|---|
| type | LBCookieTimeType | Required |
LBCookieTimeType (schema) (Deprecated)
CookieTime type
Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting
| Name | Description | Type | Notes |
|---|---|---|---|
| LBCookieTimeType | CookieTime type Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting |
string | Deprecated Enum: LBSessionCookieTime, LBPersistenceCookieTime |
LBFastTcpProfile (schema)
Fast TCP profile
Fast TCP profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| close_timeout | TCP connection idle timeout in seconds It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection. |
integer | Minimum: 1 Maximum: 60 Default: "8" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_flow_mirroring_enabled | Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | TCP connection idle timeout in seconds It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up. |
integer | Minimum: 1 Maximum: 2147483647 Default: "1800" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBFastTcpProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBFastUdpProfile (schema)
Fast UDP profile
Fast UDP profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| flow_mirroring_enabled | Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | UDP idle timeout in seconds Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBFastUdpProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBGenericPersistenceProfile (schema) (Deprecated)
LB generic persistence profile
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to virtual server directly,
it can be specified in LB rule actions. In HTTP forwarding phase,
the profile can be specified in LBVariablePersistenceOnAction. In HTTP
response rewriting phase, the profile can be specified in
LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_persistence_mirroring_enabled | Mirroring enabled flag The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBGenericPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBHttpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful.
Completing a healthcheck within timeout means establishing a connection
(TCP or SSL), if applicable, sending the request and receiving the
response, all within the configured timeout.
LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. |
string | |
| request_headers | Array of HTTP request headers Array of HTTP request headers. |
array of LbHttpRequestHeader | |
| request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. |
HttpRequestMethodType | Default: "GET" |
| request_url | Customized HTTP request url for active health checks For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. |
string | Default: "/" |
| request_version | HTTP request version HTTP request version. |
HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
| resource_type | Must be set to the value LBHttpMonitorProfile | LBMonitorProfileType | Required |
| response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. |
string | |
| response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. |
array of int | Maximum items: 64 |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBHttpProfile (schema) (Deprecated)
Http profile
Http profile.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| http_redirect_to | Http redirect static URL If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. |
string | |
| http_redirect_to_https | Flag to indicate whether enable HTTP-HTTPS redirect Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | HTTP application idle timeout in seconds It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting. |
integer | Minimum: 1 Maximum: 5400 Default: "15" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ntlm | NTLM support flag NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When create a new profile, if both ntlm and server_keep_alive are set as different values, ERROR will be reported. When update an existing profile, if either ntlm or server_keep_alive value is changed, both of them are updated with the changed value. |
boolean | Deprecated |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| request_body_size | Maximum size of the buffer used to store HTTP request body If it is not specified, it means that request body size is unlimited. |
integer | Minimum: 1 Maximum: 2147483647 |
| request_header_size | Maximum size of the buffer used to store HTTP request headers A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. |
integer | Minimum: 1 Default: "1024" |
| resource_type | Must be set to the value LBHttpProfile | LBApplicationProfileType | Required |
| response_buffering | Activate or deactivate buffering of responses When buffering is deactivated, the response is passed to a client synchronously, immediately as it is received. When buffering is activated, LB receives a response from the backend server as soon as possible, saving it into the buffers. |
boolean | Default: "False" |
| response_header_size | Maximum size of the buffer used to store HTTP response headers A response with header larger than response_header_size will be dropped. |
integer | Minimum: 1 Maximum: 65536 Default: "4096" |
| response_timeout | Maximum server idle time in seconds If server doesn’t send any packet within this time, the connection is closed. |
integer | Minimum: 1 Maximum: 2147483647 Default: "60" |
| server_keep_alive | Server keep-alive flag If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same with the property ntlm. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| x_forwarded_for | Insert or replace x_forwarded_for When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules. |
LBXForwardedForType |
LBHttpRedirectAction (schema) (Deprecated)
Action to redirect HTTP request messages
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server. We create an LBRule without any conditions, add an
LBHttpRedirectAction to the rule. Set the
redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means found. This rule will
redirect all HTTP requests to HTTPS server port on the same host.
| Name | Description | Type | Notes |
|---|---|---|---|
| redirect_status | HTTP response status code HTTP response status code. |
string | Required |
| redirect_url | The URL that the HTTP request is redirected to The URL that the HTTP request is redirected to. |
string | Required |
| type | Must be set to the value LBHttpRedirectAction | LBRuleActionType | Required |
LBHttpRejectAction (schema) (Deprecated)
Action to reject HTTP request messages
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| reply_message | Response message Response message. |
string | |
| reply_status | HTTP response status code HTTP response status code. |
string | Required |
| type | Must be set to the value LBHttpRejectAction | LBRuleActionType | Required |
LBHttpRequestBodyCondition (schema) (Deprecated)
Condition to match content of HTTP request message body
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.
| Name | Description | Type | Notes |
|---|---|---|---|
| body_value | HTTP request body | string | Required |
| case_sensitive | A case sensitive flag for HTTP body comparing If true, case is significant when comparing HTTP body value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP body | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestBodyCondition | LBRuleConditionType | Required |
LBHttpRequestCookieCondition (schema) (Deprecated)
Condition to match HTTP request cookie
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for cookie value comparing If true, case is significant when comparing cookie value. |
boolean | Default: "True" |
| cookie_name | Name of cookie Cookie name. |
string | Required |
| cookie_value | Value of cookie Cookie value. |
string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of cookie value Match type of cookie value. |
LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestCookieCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderCondition (schema) (Deprecated)
Condition to match HTTP request header
This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
| header_name | Name of HTTP header | string | Default: "Host" |
| header_value | Value of HTTP header | string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestHeaderCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP request header fields
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP request message Name of a header field of HTTP request message. |
string | Required |
| type | Must be set to the value LBHttpRequestHeaderDeleteAction | LBRuleActionType | Required |
LBHttpRequestHeaderRewriteAction (schema) (Deprecated)
Action to rewrite header fields of HTTP request messages
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of HTTP request header Name of HTTP request header. |
string | Required |
| header_value | Value of HTTP request header Value of HTTP request header. |
string | Required |
| type | Must be set to the value LBHttpRequestHeaderRewriteAction | LBRuleActionType | Required |
LBHttpRequestMethodCondition (schema) (Deprecated)
Condition to match method of HTTP request messages
This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| method | Type of HTTP request method | HttpRequestMethodType | Required |
| type | Must be set to the value LBHttpRequestMethodCondition | LBRuleConditionType | Required |
LBHttpRequestUriArgumentsCondition (schema) (Deprecated)
Condition to match URI arguments of HTTP requests
This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for URI arguments comparing If true, case is significant when comparing URI arguments. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of URI arguments | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestUriArgumentsCondition | LBRuleConditionType | Required |
| uri_arguments | URI arguments URI arguments, aka query string of URI. |
string | Required |
LBHttpRequestUriCondition (schema) (Deprecated)
Condition to match URIs of HTTP request messages
This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting an URI which matches specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LBRuleAction field which supports variables, such as uri
field of LBHttpRequestUriRewriteAction. For example, set the uri field
of LBHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for URI comparing If true, case is significant when comparing URI. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of URI | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestUriCondition | LBRuleConditionType | Required |
| uri | A string used to identify resource | string | Required |
LBHttpRequestUriRewriteAction (schema) (Deprecated)
Action to rewrite HTTP request URIs.
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
Full URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in above
scheme. And the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LBRuleAction to see how to use variables in this
action.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBHttpRequestUriRewriteAction | LBRuleActionType | Required |
| uri | URI of HTTP request URI of HTTP request. |
string | Required |
| uri_arguments | URI arguments Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2. |
string |
LBHttpRequestVersionCondition (schema) (Deprecated)
Condition to match HTTP protocol version of HTTP requests
This condition is used to match the HTTP protocol version of the HTTP
request messages.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| type | Must be set to the value LBHttpRequestVersionCondition | LBRuleConditionType | Required |
| version | HTTP version | HttpRequestVersionType | Required |
LBHttpResponseHeaderCondition (schema) (Deprecated)
Condition to match a header field of HTTP response
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
| header_name | Name of HTTP header field | string | Required |
| header_value | Value of HTTP header field | string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpResponseHeaderCondition | LBRuleConditionType | Required |
LBHttpResponseHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP response header fields
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP response message Name of a header field of HTTP response message. |
string | Required |
| type | Must be set to the value LBHttpResponseHeaderDeleteAction | LBRuleActionType | Required |
LBHttpResponseHeaderRewriteAction (schema) (Deprecated)
Action to rewrite HTTP response header fields
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP request message Name of a header field of HTTP request message. |
string | Required |
| header_value | Value of header field Value of header field |
string | Required |
| type | Must be set to the value LBHttpResponseHeaderRewriteAction | LBRuleActionType | Required |
LBHttpSslCondition (schema) (Deprecated)
Condition to match SSL handshake and SSL connection
This condition is used to match SSL handshake and SSL connection at
all phases.If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.
| Name | Description | Type | Notes |
|---|---|---|---|
| client_certificate_issuer_dn | The issuer DN match condition of the client certificate The issuer DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateIssuerDnCondition | |
| client_certificate_subject_dn | The subject DN match condition of the client certificate The subject DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateSubjectDnCondition | |
| client_supported_ssl_ciphers | Cipher list which supported by client Cipher list which supported by client. |
array of SslCipher | |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| session_reused | The type of SSL session reused The type of SSL session reused. |
LbSslSessionReusedType | Default: "IGNORE" |
| type | Must be set to the value LBHttpSslCondition | LBRuleConditionType | Required |
| used_protocol | Protocol of an established SSL connection Protocol of an established SSL connection. |
SslProtocol | |
| used_ssl_cipher | Cipher used for an established SSL connection Cipher used for an established SSL connection. |
SslCipher |
LBHttpsMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTPS
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTPS. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. |
string | |
| request_headers | Array of HTTP request headers Array of HTTP request headers. |
array of LbHttpRequestHeader | |
| request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. |
HttpRequestMethodType | Default: "GET" |
| request_url | Customized HTTPS request url for active health checks For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters. |
string | Default: "/" |
| request_version | HTTP request version HTTP request version. |
HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
| resource_type | Must be set to the value LBHttpsMonitorProfile | LBMonitorProfileType | Required |
| response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. |
string | |
| response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. |
array of int | Maximum items: 64 |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| server_ssl_profile_binding | Pool side SSL binding setting The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server. |
LBServerSslProfileBinding | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBIcmpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over ICMP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over ICMP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healt hchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| data_length | The data size (in byte) of the ICMP healthcheck packet | integer | Minimum: 0 Maximum: 65507 Default: "56" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBIcmpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBIpHeaderCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.
| Name | Description | Type | Notes |
|---|---|---|---|
| group_path | Grouping object path Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. |
string | |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| source_address | Source IP address of HTTP message Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. |
IPElement | |
| type | Must be set to the value LBIpHeaderCondition | LBRuleConditionType | Required |
LBJwtAuthAction (schema) (Deprecated)
Action to control access using JWT authentication
This action is used to control access to backend server resources using
JSON Web Token(JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LBRule. Any verification failed, the HTTP process will be terminated, and
HTTP response with 401 status code and WWW-Authentication header will be
returned to client.
| Name | Description | Type | Notes |
|---|---|---|---|
| key | LBJwtKey used for verifying the signature of JWT token | LBJwtKey (Abstract type: pass one of the following concrete types) LBJwtCertificateKey LBJwtPublicKey LBJwtSymmetricKey |
|
| pass_jwt_to_pool | Whether to pass the JWT to backend server or remove it Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers. |
boolean | Default: "False" |
| realm | JWT realm A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". |
string | |
| tokens | JWT tokens JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request "Authorization: Bearer <token>". |
array of string | |
| type | Must be set to the value LBJwtAuthAction | LBRuleActionType | Required |
LBJwtCertificateKey (schema) (Deprecated)
Specifies certificate used to verify the signature of JWT tokens
The key is used to specify certificate which is used to verify the
signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_path | Certificate identifier | string | Required |
| type | Must be set to the value LBJwtCertificateKey | LBJwtKeyType | Required |
LBJwtKey (schema) (Deprecated)
Load balancer JWT key
LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type of load balancer JWT key The property is used to identify JWT key type. |
LBJwtKeyType | Required |
LBJwtKeyType (schema) (Deprecated)
Type of load balancer JWT key
It is used to identify JWT key type.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBJwtKeyType | Type of load balancer JWT key It is used to identify JWT key type. |
string | Deprecated Enum: LBJwtCertificateKey, LBJwtSymmetricKey, LBJwtPublicKey |
LBJwtPublicKey (schema) (Deprecated)
Specifies public key content used to verify the signature of JWT tokens
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| public_key_content | Content of public key | string | Required |
| type | Must be set to the value LBJwtPublicKey | LBJwtKeyType | Required |
LBJwtSymmetricKey (schema) (Deprecated)
Specifies the symmetric key used to verify the signature of JWT tokens
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBJwtSymmetricKey | LBJwtKeyType | Required |
LBMonitorProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBMonitorProfile | LBMonitorProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBMonitorProfileType (schema) (Deprecated)
Monitor type
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBMonitorProfileType | Monitor type There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. |
string | Deprecated Enum: LBTcpMonitorProfile, LBUdpMonitorProfile, LBIcmpMonitorProfile, LBHttpMonitorProfile, LBHttpsMonitorProfile, LBPassiveMonitorProfile |
LBPassiveMonitorProfile (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
The passive type of LBMonitorProfile.
LBPassiveMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_fails | Number of consecutive connection failures When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPassiveMonitorProfile | LBMonitorProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout in seconds before it is selected again for a new connection After this timeout period, the member is tried again for a new connection to see if it is available. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPersistenceCookieTime (schema) (Deprecated)
Persistence cookie time
Persistence cookie time.
| Name | Description | Type | Notes |
|---|---|---|---|
| cookie_max_idle | Persistence cookie max idle time in seconds HTTP cookie max-age to expire cookie, only available for insert mode. |
integer | Required Minimum: 1 Maximum: 2147483647 |
| type | Must be set to the value LBPersistenceCookieTime | LBCookieTimeType | Required |
LBPersistenceProfile (schema)
Contains the information related to load balancer persistence options
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to LBVirtualServer
directly, it can be specified in LBVariablePersistenceOnAction or
LBVariablePersistenceLearnAction in LBRule. If a user attaches a
LBGenericPersistenceProfile directly to a virtual server, the operation
is rejected.
This is an abstract type. Concrete child types:
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPool (schema)
Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile
Defining access of a Group from a LBVirtualServer and binding to
LBMonitorProfile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_monitor_paths | Active monitor path list In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP. The property is deprecated as NSX-T Load Balancer is deprecated. |
array of string | Deprecated |
| algorithm | Load balancing algorithm Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies. |
string | Enum: ROUND_ROBIN, WEIGHTED_ROUND_ROBIN, LEAST_CONNECTION, WEIGHTED_LEAST_CONNECTION, IP_HASH Default: "ROUND_ROBIN" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_group | Load balancer member setting with grouping object Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified. |
LBPoolMemberGroup | |
| members | Load balancer pool members Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port. |
array of LBPoolMember | |
| min_active_members | Minimum number of active pool members to consider pool as active A pool is considered active if there are at least certain minimum number of members. |
integer | Minimum: 1 Maximum: 2147483647 Default: "1" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| passive_monitor_path | Passive monitor path Passive healthchecks are deactivated by default and can be activated by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented. The property is deprecated as NSX-T Load Balancer is deprecated. |
string | Deprecated |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPool | string | |
| snat_translation | Snat translation configuration Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap. |
LBSnatTranslation (Abstract type: pass one of the following concrete types) LBSnatAutoMap LBSnatDisabled LBSnatIpPool |
|
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_multiplexing_enabled | TCP multiplexing enable flag TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| tcp_multiplexing_number | Maximum number of TCP connections for multiplexing The maximum number of TCP connections per pool that are idly kept alive for sending future client requests. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 0 Maximum: 2147483647 Default: "6" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPoolMember (schema)
Pool member
Pool member.
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_state | Member admin state Member admin state. |
PoolMemberAdminStateType | Default: "ENABLED" |
| backup_member | Determine whether the pool member is for backup usage Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s). |
boolean | Default: "False" |
| display_name | Pool member name Pool member name. |
string | |
| ip_address | Pool member IP address Pool member IP address. |
IPAddress | Required |
| max_concurrent_connections | Maximum concurrent connection number To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited. |
integer | Minimum: 1 Maximum: 2147483647 |
| port | Pool member port number If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case. |
PortElement | |
| weight | Pool member weight Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms. |
integer | Minimum: 1 Maximum: 256 Default: "1" |
LBPoolMemberGroup (schema)
Pool member group
Pool member group.
| Name | Description | Type | Notes |
|---|---|---|---|
| customized_members | List of customized pool member settings The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address. |
array of PoolMemberSetting | |
| group_path | Grouping object path Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting. |
string | Required |
| ip_revision_filter | Filter of ipv4 or ipv6 address of grouping object IP list Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out. |
string | Enum: IPV4, IPV6, IPV4_IPV6 Default: "IPV4" |
| max_ip_list_size | Maximum number of grouping object IP address list The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime. |
integer | Minimum: 0 Maximum: 2147483647 |
| port | Pool member port for all IP addresses of the grouping object If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case. |
int | Minimum: 1 Maximum: 65535 |
LBRule (schema) (Deprecated)
Binding of a LBPool and Group to a LBVirtualServer
Binding of a LBPool and Group to a LBVirtualServer
used to route application traffic passing through load balancers.
LBRule uses match conditions to match application traffic passing
through a LBVirtualServer using HTTP or HTTPS. Can bind
multiple LBVirtualServers to a Group. Each LBRule
consists of two optional match conditions, each match contidion defines a
criterion for application traffic. If no match conditions are
specified, then the LBRule will always match and it is used
typically to define default rules. If more than one match condition is
specified, then matching strategy determines if all conditions should
match or any one condition should match for the LBRule to be
considered a match. A match indicates that the LBVirtualServer
should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Actions to be executed A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. |
array of LBRuleAction (Abstract type: pass one of the following concrete types) LBConnectionDropAction LBHttpRedirectAction LBHttpRejectAction LBHttpRequestHeaderDeleteAction LBHttpRequestHeaderRewriteAction LBHttpRequestUriRewriteAction LBHttpResponseHeaderDeleteAction LBHttpResponseHeaderRewriteAction LBJwtAuthAction LBSelectPoolAction LBSslModeSelectionAction LBVariableAssignmentAction LBVariablePersistenceLearnAction LBVariablePersistenceOnAction |
Required Maximum items: 60 |
| display_name | Display name for LBRule A display name useful for identifying an LBRule. |
string | |
| match_conditions | Conditions to match application traffic A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match. |
array of LBRuleCondition (Abstract type: pass one of the following concrete types) LBHttpRequestBodyCondition LBHttpRequestCookieCondition LBHttpRequestHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriArgumentsCondition LBHttpRequestUriCondition LBHttpRequestVersionCondition LBHttpResponseHeaderCondition LBHttpSslCondition LBIpHeaderCondition LBSslSniCondition LBTcpHeaderCondition LBVariableCondition |
Maximum items: 60 |
| match_strategy | Match strategy for determining match of multiple conditions If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match. |
string | Enum: ALL, ANY Default: "ANY" |
| phase | Load balancer processing phase Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. |
string | Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT Default: "HTTP_FORWARDING" |
LBRuleAction (schema) (Deprecated)
Load balancer rule action
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUST_REWRITE phase are:
LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction
LBHttpRedirectAction
LBSelectPoolAction
LBVariablePersistenceOnAction
LBConnectionDropAction
Supported action in HTTP_RESPONSE_REWRITE phase is:
LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction
LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is:
LBJwtAuthAction
LBConnectionDropAction
LBVariableAssignmentAction
Supported action in TRANSPORT phase is:
LBSslModeSelectionAction
LBSelectPoolAction
If the match type of an LBRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression. The
groups can be used as variables in LBRuleAction fields.
For example, define a rule with LBHttpRequestUriCondition as match
condition and LBHttpRequestUriRewriteAction as action. Set match_type field
of LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LBHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LBRuleAction as well. The name
of built-in variables start with underscore, the name of user defined
variables is not allowed to start with underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type of load balancer rule action The property identifies the load balancer rule action type. |
LBRuleActionType | Required |
LBRuleActionType (schema) (Deprecated)
Types of load balancer rule actions
Types of load balancer rule actions.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBRuleActionType | Types of load balancer rule actions Types of load balancer rule actions. |
string | Deprecated Enum: LBSelectPoolAction, LBHttpRequestUriRewriteAction, LBHttpRequestHeaderRewriteAction, LBHttpRejectAction, LBHttpRedirectAction, LBHttpResponseHeaderRewriteAction, LBHttpRequestHeaderDeleteAction, LBHttpResponseHeaderDeleteAction, LBVariableAssignmentAction, LBVariablePersistenceOnAction, LBVariablePersistenceLearnAction, LBJwtAuthAction, LBSslModeSelectionAction, LBConnectionDropAction |
LBRuleCondition (schema) (Deprecated)
Match condition of load balancer rule
Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in HTTP_ACCESS phase is:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in TRANSPORT phase is:
LBSslSniCondition
This is an abstract type. Concrete child types:
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| type | Type of load balancer rule condition | LBRuleConditionType | Required |
LBRuleConditionType (schema) (Deprecated)
Type of load balancer rule match condition
Type of load balancer rule match condition.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBRuleConditionType | Type of load balancer rule match condition Type of load balancer rule match condition. |
string | Deprecated Enum: LBHttpRequestUriCondition, LBHttpRequestHeaderCondition, LBHttpRequestMethodCondition, LBHttpRequestUriArgumentsCondition, LBHttpRequestVersionCondition, LBHttpRequestCookieCondition, LBHttpRequestBodyCondition, LBHttpResponseHeaderCondition, LBTcpHeaderCondition, LBIpHeaderCondition, LBVariableCondition, LBHttpSslCondition, LBSslSniCondition |
LBSelectPoolAction (schema) (Deprecated)
Action to select a pool for HTTP request messages
This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| pool_id | Path of load balancer pool Path of load balancer pool. |
string | Required |
| type | Must be set to the value LBSelectPoolAction | LBRuleActionType | Required |
LBServerAuthType (schema) (Deprecated)
server authentication mode
Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and IGNORED when they are not configured.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBServerAuthType | server authentication mode Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to specify if the server certificate presented to the load balancer during handshake should be actually validated or not. Validation is automatic by default when server_auth_ca_certificate_paths are configured and IGNORED when they are not configured. If validation is REQUIRED, then to be accepted, server certificate must be signed by one of the trusted CAs whose self signed certificates are specified in the same server-side SSL profile binding. |
string | Deprecated Enum: REQUIRED, IGNORE, AUTO_APPLY |
LBServerSslProfile (schema) (Deprecated)
Server SSL profile
Server SSL profile.
LBServerSslProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. |
SslCipherGroup | |
| ciphers | Supported SSL cipher list to client side Supported SSL cipher list to client side. |
array of SslCipher | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant. |
boolean | Readonly |
| is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocols | Supported SSL protocol list to client side SSL versions TLS1.1 and TLS1.2 are supported and activated by default. SSLv2, SSLv3, and TLS1.0 are supported, but deactivated by default. |
array of SslProtocol | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBServerSslProfile | string | |
| session_cache_enabled | Session cache activate/deactivate falg SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. |
boolean | Default: "True" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBServerSslProfileBinding (schema) (Deprecated)
Server SSL profile binding
Server SSL profile binding.
LBServerSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_chain_depth | The maximum traversal depth of server certificate chain Authentication depth is used to set the verification depth in the server certificates chain. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| client_certificate_path | Client certificate path To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding |
string | |
| server_auth | Server authentication mode Server authentication mode. |
LBServerAuthType | Default: "AUTO_APPLY" |
| server_auth_ca_paths | CA path list to verify server certificate If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. |
array of string | |
| server_auth_crl_paths | CRL path list to verify server certificate A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. |
array of string | |
| ssl_profile_path | Server SSL profile path Server SSL profile defines reusable, application-independent server side SSL properties. |
string |
LBService (schema)
Loadbalancer Service
Loadbalancer Service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| access_log_enabled | Flag to enable access log | boolean | Deprecated |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connectivity_path | The connectivity target used to instantiate the LBService LBS could be instantiated (or created) on the Tier-1, etc. For now, only the Tier-1 object is supported. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to enable the load balancer service Flag to enable the load balancer service. |
boolean | Default: "True" |
| error_log_level | Error log level of load balancer service Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log. |
LbLogLevel | Default: "INFO" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| relax_scale_validation | Whether scale validation is relaxed If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBService | string | |
| size | Load balancer service size Load balancer service size. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality. |
LbServiceSize | Default: "SMALL" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSessionCookieTime (schema) (Deprecated)
Session cookie time
Session cookie time.
| Name | Description | Type | Notes |
|---|---|---|---|
| cookie_max_idle | Session cookie max idle time in seconds Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. |
integer | Minimum: 1 Maximum: 2147483647 |
| cookie_max_life | Session cookie max lifetime in seconds Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. |
integer | Minimum: 1 Maximum: 2147483647 |
| type | Must be set to the value LBSessionCookieTime | LBCookieTimeType | Required |
LBSnatAutoMap (schema) (Deprecated)
Snat auto map
Snat auto map.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBSnatAutoMap | LBSnatTranslationType | Required |
LBSnatDisabled (schema)
Snat disabled
Snat disabled.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBSnatDisabled | LBSnatTranslationType | Required |
LBSnatIpElement (schema) (Deprecated)
Snat Ip element
Snat Ip element.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Ip address or ip range Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160. |
IPElement | Required |
| prefix_length | Subnet prefix length Subnet prefix length should be not specified if there is only one single IP address or IP range. |
integer |
LBSnatIpPool (schema) (Deprecated)
Snat Ip pool
Snat Ip pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | List of Ip address or ip range If an IP range is specified, the range may contain no more than 64 IP addresses. |
array of LBSnatIpElement | Required Maximum items: 64 |
| type | Must be set to the value LBSnatIpPool | LBSnatTranslationType | Required |
LBSnatTranslation (schema)
Snat Translation
Snat Translation.
This is an abstract type. Concrete child types:
LBSnatAutoMap
LBSnatDisabled
LBSnatIpPool
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Snat translation type Snat translation type. |
LBSnatTranslationType | Required |
LBSnatTranslationType (schema)
Snat translation type
Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are three modes:
LBSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LBSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
LBSnatDisabled deactivates Source NAT. This is referred to as no-SNAT
or TRANSPARENT mode.
LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBSnatTranslationType | Snat translation type Load balancers may need to perform SNAT to ensure reverse traffic from the server can be received and processed by them. There are three modes: LBSnatAutoMap uses the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. LBSnatIpPool allows user to specify one or more IP addresses along with their subnet masks that should be used for SNAT while connecting to any of the servers in the pool. LBSnatDisabled deactivates Source NAT. This is referred to as no-SNAT or TRANSPARENT mode. LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is deprecated. |
string | Enum: LBSnatAutoMap, LBSnatIpPool, LBSnatDisabled |
LBSourceIpPersistenceProfile (schema)
LBPersistenceProflie using SourceIP
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_persistence_mirroring_enabled | Mirroring enabled flag to synchronize persistence entries Persistence entries are not synchronized to the HA peer by default. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| purge | Persistence purge setting Persistence purge setting. |
SourceIpPersistencePurge | Default: "FULL" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBSourceIpPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSslModeSelectionAction (schema) (Deprecated)
Action to select SSL mode
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
| Name | Description | Type | Notes |
|---|---|---|---|
| ssl_mode | Type of SSL mode SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. |
string | Required Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD |
| type | Must be set to the value LBSslModeSelectionAction | LBRuleActionType | Required |
LBSslProfile (schema) (Deprecated)
Load balancer abstract SSL profile
Load balancer abstract SSL profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBSslProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSslSniCondition (schema) (Deprecated)
Condition to match SSL SNI in client hello
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for SNI comparing If true, case is significant when comparing SNI value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of SNI | LbRuleMatchType | Default: "REGEX" |
| sni | The server name indication The SNI(Server Name indication) in client hello message. |
string | Required |
| type | Must be set to the value LBSslSniCondition | LBRuleConditionType | Required |
LBTcpHeaderCondition (schema) (Deprecated)
Condition to match TCP header fields
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| source_port | TCP source port of HTTP message | PortElement | Required |
| type | Must be set to the value LBTcpHeaderCondition | LBRuleConditionType | Required |
LBTcpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over TCP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the
LBRule object. This represents active health monitoring over TCP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member
will the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring
the member back to UP state. After a healthcheck is initiated, if it
does not complete within a certain period, then also
the healthcheck is considered to be unsuccessful. Completing a
healthcheck within timeout means establishing a connection (TCP or SSL),
if applicable, sending the request and receiving the response, all within
the configured timeout.
LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| receive | Expected data received from server Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. |
string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBTcpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| send | Data to send If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBUdpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over UDP
Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over UDP. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| receive | Expected data received from server Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. |
string | Required |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBUdpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| send | Data to send The data to be sent to the monitored server. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBVariableAssignmentAction (schema) (Deprecated)
Action to create variable and assign value to it
This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LBVariableCondition, etc.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBVariableAssignmentAction | LBRuleActionType | Required |
| variable_name | Name of the variable to be assigned Name of the variable to be assigned. |
string | Required |
| variable_value | Value of variable Value of variable. |
string | Required |
LBVariableCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name
and variable_value should be matched at the same time.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for variable value comparing If true, case is significant when comparing variable value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of variable value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBVariableCondition | LBRuleConditionType | Required |
| variable_name | Name of the variable to be matched | string | Required |
| variable_value | Value of variable to be matched | string | Required |
LBVariablePersistenceLearnAction (schema) (Deprecated)
Action to learn the variable value
This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.
| Name | Description | Type | Notes |
|---|---|---|---|
| persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. |
string | |
| type | Must be set to the value LBVariablePersistenceLearnAction | LBRuleActionType | Required |
| variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. |
boolean | Default: "False" |
| variable_name | Variable name The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. |
string | Required |
LBVariablePersistenceOnAction (schema) (Deprecated)
Action to persist the variable value
This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.
| Name | Description | Type | Notes |
|---|---|---|---|
| persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. |
string | |
| type | Must be set to the value LBVariablePersistenceOnAction | LBRuleActionType | Required |
| variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. |
boolean | Default: "False" |
| variable_name | Variable name The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. |
string | Required |
LBVirtualServer (schema)
Base class for each type of LBVirtualServer
All the types of LBVirtualServer extend from this abstract class. This
is present for extensibility.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| access_list_control | IP access list control to filter the connections Specifies the access list control to define how to filter the connections from clients. |
LBAccessListControl | |
| access_log_enabled | Access log enabled setting If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true. |
boolean | Default: "False" |
| application_profile_path | Application profile path The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported. |
string | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_ssl_profile_binding | Virtual server side SSL binding setting The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. The property is deprecated as NSX-T Load Balancer is deprecated. |
LBClientSslProfileBinding | Deprecated |
| default_pool_member_ports | Default pool member ports when member port is not defined. Default pool member ports when member port is not defined. |
array of PortElement | Maximum items: 14 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | whether the virtual server is enabled Flag to enable the load balancer virtual server. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | IP address of the LBVirtualServer Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers. |
IPAddress | Required |
| lb_persistence_profile_path | Persistence Profile used by LBVirtualServer Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is deactivated by default. |
string | |
| lb_service_path | Path to LBService object for LBVirtualServer virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities. |
string | |
| log_significant_event_only | Log only significant event in access log The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx). |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_concurrent_connections | Maximum concurrent connection number To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 1 Maximum: 2147483647 |
| max_new_connection_rate | Maximum new connection rate in connections per second To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 1 Maximum: 2147483647 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_path | Default server pool path The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application. |
string | |
| ports | Virtual server port number(s) or port range(s) Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. |
array of PortElement | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBVirtualServer | string | |
| rules | List of load balancer rules Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile. The property is deprecated as NSX-T Load Balancer is deprecated. |
array of LBRule | Deprecated Maximum items: 4000 |
| server_ssl_profile_binding | Pool side SSL binding setting The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. The property is deprecated as NSX-T Load Balancer is deprecated. |
LBServerSslProfileBinding | Deprecated |
| sorry_pool_path | Sorry server pool path When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool. The property is deprecated as NSX-T Load Balancer is deprecated. |
string | Deprecated |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBXForwardedForType (schema) (Deprecated)
X-forwarded-for type
X-forwarded-for type.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBXForwardedForType | X-forwarded-for type X-forwarded-for type. |
string | Deprecated Enum: INSERT, REPLACE |
Label (schema)
Label
Label that will be displayed for a UI element.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API. |
string | Maximum length: 1024 |
| hover | Show label only on hover If true, displays the label only on hover |
boolean | Default: "False" |
| icons | Icons Icons to be applied at dashboard for the label |
array of Icon | Minimum items: 0 |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| text | Label text Text to be displayed at the label. |
string | Required Maximum length: 255 |
LabelValueConfiguration (schema)
Label Value Dashboard Widget Configuration
Represents a Label-Value widget configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| layout | Layout of properties inside widget Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied. |
Layout | |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| properties | Rows An array of label-value properties. |
array of PropertyItem | Required |
| resource_type | Must be set to the value LabelValueConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| sub_type | Sub-type of the LabelValueConfiguration A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. For HORIZONTALLY_ALIGNED sub_type, the value is placed right hand side of the label. |
string | Enum: VERTICALLY_ALIGNED, HORIZONTALLY_ALIGNED |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
Layout (schema)
Layout of a container or widget
Represents layout of a container or widget
| Name | Description | Type | Notes |
|---|---|---|---|
| properties | LayoutProperties | ||
| type | Type of layout of a container or widget Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. If AUTO is chosen then container or widgets display area will be automatically calculated depending upon the required width. |
string | Enum: HORIZONTAL, VERTICAL, GRID, AUTO Default: "HORIZONTAL" |
LayoutProperties (schema)
Layout properties of a container or widget
Properties of the layout of a container or widget
| Name | Description | Type | Notes |
|---|---|---|---|
| num_columns | Number of columns of grid Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only. |
int | |
| num_rows | Number of rows of grid Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only. |
int |
LbHttpRequestHeader (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of HTTP request header | string | Required |
| header_value | Value of HTTP request header | string | Required |
LbLogLevel (schema)
the log level of load balancer service
| Name | Description | Type | Notes |
|---|---|---|---|
| LbLogLevel | the log level of load balancer service | string | Enum: DEBUG, INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY |
LbRuleMatchType (schema) (Deprecated)
Match type for LbRule conditions
LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in JSON(JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.
| Name | Description | Type | Notes |
|---|---|---|---|
| LbRuleMatchType | Match type for LbRule conditions LbRuleMatchType is used to determine how a specified string value is used to match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition field starts with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. ENDS_WITH: If the LbRuleCondition field ends with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. EQUALS: If the LbRuleCondition field is same as the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. CONTAINS: If the LbRuleCondition field contains the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. REGEX: If the LbRuleCondition field matches specified regular expression, the condition matches. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the restrictions. If named capturing groups are used in the regular expression, when a match succeeds, the substrings of the subject string that match named capturing groups are stored (captured) in variables with specific names which can be used in the fields of LbRuleAction which support variables. Named capturing group are defined in the format (?<name>subpattern), such as (?<year>\d{4}). For example, in the regular expression: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for subject string "/news/2017/06/xyz.html", the substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can be used in LbRuleAction fields which support variables in form of $name, such as $year, $month, $article. Please note, when regular expressions are used in JSON(JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. |
string | Deprecated Enum: STARTS_WITH, ENDS_WITH, EQUALS, CONTAINS, REGEX |
LbServiceSize (schema)
the size of load balancer service
The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or
DLB. The first four sizes are realized on Edge node as a centralized load
balancer. DLB is realized on each ESXi hypervisor as a distributed load
balancer. DLB is supported for k8s cluster IPs managed by vSphere with
Kubernetes. DLB is NOT supported for any other workload types.
The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all
deprecated. Customers who are using this set of features are advised to
migrate to NSX Advanced Load Balancer (Avi) which provides a superset of
the NSX-T load balancing functionality.
| Name | Description | Type | Notes |
|---|---|---|---|
| LbServiceSize | the size of load balancer service The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or DLB. The first four sizes are realized on Edge node as a centralized load balancer. DLB is realized on each ESXi hypervisor as a distributed load balancer. DLB is supported for k8s cluster IPs managed by vSphere with Kubernetes. DLB is NOT supported for any other workload types. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality. |
string | Enum: SMALL, MEDIUM, LARGE, XLARGE, DLB |
LbSslSessionReusedType (schema) (Deprecated)
Type of SSL session reused
| Name | Description | Type | Notes |
|---|---|---|---|
| LbSslSessionReusedType | Type of SSL session reused | string | Deprecated Enum: IGNORE, REUSED, NEW |
LdapIdentitySource (schema)
An LDAP identity source
This is the base type for all identity sources that use LDAP for authentication and group membership.
This is an abstract type. Concrete child types:
ActiveDirectoryIdentitySource
OpenLdapIdentitySource
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alternative_domain_names | Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. |
array of string | |
| base_dn | DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. |
array of IdentitySourceLdapServer | Maximum items: 3 |
| resource_type | Must be set to the value LdapIdentitySource | string | Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LdapIdentitySourceListResult (schema)
List results containing LDAP identity sources
The results of listing LDAP identity sources.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of LdapIdentitySource (Abstract type: pass one of the following concrete types) ActiveDirectoryIdentitySource OpenLdapIdentitySource |
||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
LdapIdentitySourceProbeResults (schema)
Results from probing all LDAP servers
Results from probing all LDAP servers in an LDAP identity source configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| results | Probe results Probe results for all probed LDAP servers. |
array of IdentitySourceLdapServerProbeResult |
LdapIdentitySourceSearchRequestParameters (schema)
Arguments for searching users and groups
To search for a user or group in an LDAP identity source,
provide a filter_value. The directory will be searched for
users and groups that match the search string.
User searches:
For Active Directory sources, the directory will be searched
for users whose commonName (CN) property contains the given
string and for users whose samAccountName property contains
the given string. For OpenLDAP sources, the directory will
be searched for users whose commonName (CN) property contains
the given string and for users whose uid property contains
the given string.
Group searches:
For both Active Directory and OpenLDAP sources, the directory
will be searched for groups whose commonName (CN) property
contains the the given string.
The LDAP server may impose a limit on the number of returned
entries.
| Name | Description | Type | Notes |
|---|---|---|---|
| filter_value | Search filter value A string to use when searching for users and groups in the LDAP identity source. |
string | Required |
LdapIdentitySourceSearchResultItem (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| common_name | Common Name (CN) of entry The Common Name (CN) of the entry, if available. |
string | |
| dn | DN of the entry Distinguished name (DN) of the entry. |
string | |
| principal_name | The principal name of the user or group, if available For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory. |
string | |
| type | Type of the entry Describes the type of the entry |
string | Enum: USER, GROUP |
LdapIdentitySourceSearchResultList (schema)
A list of LDAP search results
A list of LDAP entries returned from a search of an LDAP identity source.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| results | array of LdapIdentitySourceSearchResultItem |
LdapProbeError (schema)
Error detail from probe
Detail about one error encountered during a probe.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_type | Error type The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to require a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. UNKNOWN_HOST: The hostname of the LDAP server could not be resolved. NO_ROUTE_TO_HOST: There is no network route to the host. BIND_EXCEPTION: A socket to the remote host could not be opened. PORT_UNREACHABLE: The LDAP port is not open on the remote host. BASE_DN_NOT_WITHIN_DOMAIN: For Active Directory, the base DN is not a subtree of the Domain Component tree corresponding to the LDAP domain. For example, if the domain is "example.com", the baseDN should be "dc=example, dc=com" or a subtree like "ou=Users,dc=example,dc=com". LDAP_SERVER_DISABLED: The LDAP server is marked as disabled in the NSX configuration and will not be used. |
string | Enum: BASE_DN_NOT_FOUND, BIND_DN_AND_PASSWORD_REQUIRED, BIND_DN_INVALID, CERTIFICATE_HOSTNAME_MISMATCH_ERROR, CERTIFICATE_MISMATCH_ERROR, CONNECTION_REFUSED, CONNECTION_TIMEOUT, GENERAL_ERROR, INVALID_CONFIGURED_CERTIFICATE, INVALID_CREDENTIALS, SSL_HANDSHAKE_ERROR, STARTTLS_FAILED, UNKNOWN_HOST, NO_ROUTE_TO_HOST, BIND_EXCEPTION, PORT_UNREACHABLE, BASE_DN_NOT_WITHIN_DOMAIN, LDAP_SERVER_DISABLED |
Legend (schema)
Legend for the widget
Represents legend that describes the entities of the widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| alignment | Alignment of the legend Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side. |
string | Enum: HORIZONTAL, VERTICAL Default: "VERTICAL" |
| display_count | Show count of entities in the legend If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend. |
boolean | Default: "True" |
| display_mode | Display mode for legends. Display mode for legends. |
string | Enum: SHOW_ALL_LEGENDS, SHOW_MIN_NO_OF_LEGENDS, SHOW_OTHER_GROUP_WITH_LEGENDS Default: "SHOW_ALL_LEGENDS" |
| filterable | Show checkbox along with legends if value is set to true Show checkbox along with legends if value is set to true. Widget filtering capability can be enable based on legend checkbox selection. for 'display_mode' SHOW_OTHER_GROUP_WITH_LEGENDS filterable property is not supported. |
boolean | Default: "False" |
| min_legends_display_count | A minimum number of legends to be displayed. A minimum number of legends to be displayed upfront. if 'display_mode' is set to SHOW_MIN_NO_OF_LEGENDS then this property value will be used to display number of legends upfront in the UI. |
int | Minimum: 1 Maximum: 12 Default: "3" |
| other_group_legend_label | A label for showing other category in legends. A translated label for showing other category label in legends. |
string | Default: "WIDGET_LABEL_OTHER_LEGEND_LABEL" |
| position | Placement of legend Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget. |
string | Enum: TOP, BOTTOM, LEFT, RIGHT, TOP_RIGHT Default: "RIGHT" |
| type | Type of the legend Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget. |
string | Enum: CIRCLE Default: "CIRCLE" |
| unit | Show unit of entities in the legend Show unit of entities in the legend. |
string |
LegendWidgetConfiguration (schema)
Legend widget Configuration
Represents configuration for Legend widget. For this widget the data source is not applicable. This widget can be use to add the Legend inside the dashboard container.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| layout | A layout for legend widget. Defines the layout for the legend widget |
Legend | Required |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value LegendWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| source_widget_id | Id of source widget for this legend widget Id of source widget, if any. Id should be a valid id of an existing widget. This property can be used to identify the source of the data for this legend widget. |
string | Required Maximum length: 255 |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
LineChartPlotConfiguration (schema)
A line chart plotting configuration
A line chart plotting configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_maximize | Allow maximize capability for this widget Allow maximize capability for this widget |
boolean | |
| condition | Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration. |
string | Maximum length: 1024 |
| fill_gradient_area | Fill the line chart area with a gradient series color. Fill the line chart area with a gradient series color. |
boolean | |
| num_of_series_to_display | A number of series to be displayed upfront. Specifies the number of series to be displayed in a line chart. If no value is provided all the series will be displayed. |
int | Minimum: 1 Maximum: 16 |
| show_curved_lines | Show curved lines for series Used for displaying the curved lines for a series in a line chart. By default, straight line is used to for a series in a line chart. |
boolean | Default: "True" |
| show_data_in_tooltip | Show data in tooltip. Show the data in tooltip. |
boolean | Default: "False" |
| show_data_points | Show the Data point highlighting in line chart Controls the visiblity of the data points on the line chart. If value is set to false data points wont be high- lighted on the lines. |
boolean | Default: "True" |
| show_grid_lines | Show grid lines Controls the visiblity of the grid lines in line chart. |
boolean | Default: "True" |
| show_grouped_tooltip | Derives to show the grouped tooltip Controls the visiblity of the grouped tooltip in a line chart across all series. |
boolean | Default: "False" |
| show_min_max_on_series | Show min and max value on line series Controls the visiblity of the min and max value across line series in line chart. |
boolean | Default: "False" |
| show_unit_in_tooltip | Show data unit in tooltip. Show the data unit in tooltip. |
boolean | Default: "False" |
| sort_data_in_grouped_tooltip | Sort the data in grouped tooltip Sort the data in grouped tooltip. |
boolean | Default: "False" |
| sort_series | Perform sorting on series using the latest data point Specifies whether the series should be sorted by the latest data point. |
boolean | Default: "False" |
ListByNodeIdParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
| transport_node_id | TransportNode Id | string |
ListByOptionalTransportNodeParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Transport node | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ListCertParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| details | whether to expand the pem data and show all its details | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| node_id | Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service. |
string | Enum: cluster_api_certificate, api_certificate |
ListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ListResult (schema)
Base class for list results from collections
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ListResultQueryParameters (schema)
Parameters that affect how list results are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| fields | Fields to include in query results Comma-separated field names to include in query result |
string |
ListWithDataSourceParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
LiveTraceConfig (schema)
Livetrace configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Livetrace actions Configuration of actions on the filtered packets. |
PolicyLiveTraceActionConfig | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| filter | Packet filter Filter for flows of interest. |
LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData |
|
| id | Unique identifier of this resource | string | Sortable |
| ipsec_vpn_config | IPSec VPN configuration for starting livetrace on IPSec tunnel interface IPSec VPN configuration for starting livetrace on IPSec tunnel interface |
PolicyLiveTraceIpsecVpnConfig | |
| is_transient | Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity. |
boolean | Default: "True" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+. |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+. |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LiveTraceConfig | string | |
| src_port_path | Policy path of logical port Policy path of logical port to start a livetrace session. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout in seconds for livetrace session The duration for observing live traffic on the specified source logical port. |
integer | Minimum: 5 Maximum: 600 Default: "10" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LiveTraceFilterData (schema)
This is an abstract type. Concrete child types:
FieldsFilterData
PlainFilterData
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Filter type | string | Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData" |
LiveTracePacketGranularActionConfig (schema)
Configuration of livetrace packet granular action
| Name | Description | Type | Notes |
|---|---|---|---|
| dest_ipsec_vpn_config | IPSec VPN configuration for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same IPSec VPN config specified for the reverse direction. |
PolicyLiveTraceIpsecVpnConfig | |
| dest_port_path | Policy path of logical port Policy path of logical port for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same port specified for the reverse direction. |
string | |
| reverse_filter | Packet filter Filter for flows of interest at the reverse direction. It takes effect only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse direction. |
LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData |
|
| sampling | Sampling parameter for the action Sampling parameter for the action. Trace action, packet capture action, and datapath statistics action only support first-N sampling. Count action will sample all packets that match the filter criteria, so there is no need to provide sampling for count action. |
LiveTraceSamplingConfig | |
| trace_type | Type of trace | string | Required Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL |
LiveTraceSamplingConfig (schema)
Sampling parameter for a livetrace action
| Name | Description | Type | Notes |
|---|---|---|---|
| match_number | Parameter for first-N sampling. First N packets are sampled. The upper limits of sampling number for livetrace actions are listed as below: - trace action: 50 - packet capture action: 500 - datapath statistics action: 65535 |
integer | Minimum: 1 Maximum: 65535 |
| sampling_interval | Parameter for interval based sampling A packet is sampled for every given time interval in ms. |
integer | Minimum: 1 Maximum: 30000 |
| sampling_rate | Parameter for packet number based sampling 1 out of N packets is sampled on average. |
integer | Minimum: 1 Maximum: 65535 |